Thomas Williams

Jeff Atwood: UI Is Hard

Jeff hits the nail right on the head when he posts “UI Is Hard” (and the comments on his post are interesting too). Jeff points out and indeed highlights the fact that “you need to design the UI first”.

There have been cases where I have built the back-end logic and then realised that the UI won't conform to it, so I've either had to change the back-end or, worse, had a clunky UI. I'm ashamed to say that many, many times I find myself explaining my UI to a user (even after they've been using it for a while).  And often in my time as a developer I have coded the logic and processes, slapped on a few textboxes and buttons and called it a UI. It's when I start actually using my stuff that I realise there is room for improvement.

Asking the potential users early on in the piece can help. And I have found that keeping things Microsoft-like in the look and feel (e.g. standard buttons, groupboxes, menus) can add to the “intuitiveness“ of an interface. I guess “Office” is about the standard I want (somewhere between “Windows Explorer” and “Windows Media Player”). I try to get in the habit of sketching the interface on a piece of paper to make sure I've got all the elements I need, before figuring out my code.

So I agree - UI is hard.

Endnote: Recently I was complemented on some of my UI design - I used a quite simple, “inductive”-style user interface based on http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dnforms/html/winforms09212004.asp.

Geeky Info

Phil of Geeky Info posts about a free sticky-note type app that docks and hides called Stick. It also supports running Internet Explorer & Windows Explorer windows, and more. I have been running it now for a couple of days and found it useful for having a Notepad within easy reach.

Hey, and Phil's from Melbourne, and he's got a nice site. I've subscribed.

Documenting "sp_msobjectprivs"

DISCLAIMER: The general rule on SQL Server system stored procedures or undocumented stored procedures is: don't use them - they may change in a future service pack or not be available in a future release of SQL Server. Fair enough? And as always, I don't guarantee my code below will work on your system, let alone produce good results.

I recently found a use for the system stored procedure “sp_msobjectprivs”, which is called by SQL Server itself when you script database objects and ask to include the privileges in your output. I was using it to script permissions on stored procedures in order to generate my own “GRANT EXECUTE ON...”-type statements.

The first thing is to be able to decode the output when calling  “sp_msobjectprivs” by putting the results into a temp table:

CREATE TABLE #privs (
  [action] INT NOT NULL, --"action" from sysprotects
  [column] NVARCHAR(128), --sysname
  [uid] INT NOT NULL,
  [username] NVARCHAR(256), --user's name to GRANT or DENY/REVOKE
  [protecttype] INT NOT NULL, --206 for DENY/REVOKE, 205 for GRANT (from sysprotects)
  [name] NVARCHAR(128), --sysname of passed object
  [owner] NVARCHAR(256), --owner of the object
  [id] INT NOT NULL,
  [grantor] NVARCHAR(256)
)

The values for the “action“ and “protecttype“ columns are taken from the sysprotects table. For the appropriate values, see http://msdn.microsoft.com/library/default.asp?url=/library/en-us/tsqlref/ts_sys-p_0837.asp.

To populate the table, you can run a command like:

INSERT #privs EXEC dbo.sp_msobjectprivs '<object name>'

...where “<object name>” is the name of the database object (for me, a stored procedure) to script. Note you have to be in the correct database context for this call to work. You can try it, and look at the results compared to SQL Server's script to see how the columns work.

In my case I was calling the code above on a stored procedure, where the only applicable permissions are EXECUTE (no SELECT, UPDATE, INSERT or DELETEs, obviously). I can generate the exact permissions that SQL Server generates by using a statement like:

SELECT --first get whether this is DENY or GRANT
  CASE WHEN [protecttype] = 206 THEN 'DENY ' ELSE 'GRANT ' END +
  --get the object (stored procedure name)
  'EXECUTE ON [' + [owner] + '].[' + [name] + '] TO ' +
  --get the user we're issuing DENY or GRANT to
  '[' + [username] + '] ' +
  --if PUBLIC, specify "CASCADE"
  CASE WHEN LOWER([username]) = 'public' THEN 'CASCADE ' ELSE '' END AS [privs]
FROM #privs
WHERE --get only "EXECUTE" actions
  [action] = 224

Finally we need to drop the temporary table with DROP TABLE #privs.

I hope this comes in useful to someone out there, as I could find very little documentation on “sp_msobjectprivs” myself. Happy scripting!

Invoke "Add Network Place" Wizard

I don't know how other people deal with this issue, but I prefer to use Network Places instead of mapped drives in Windows Explorer, and I find it a pain that to get the “Add Network Place“ wizard, I have to hide the folder view to bring up the common tasks.

A (slight) shortcut is to invoke the “Add Network Place” wizard directly with the command line:

rundll32 netplwiz,AddNetPlaceRunDll

(Thanks to http://windowsxp.mvps.org/addnetwork.htm).

How do others dela with this issue?

SysInternals Autoruns Updated

Greg points out that SysInternals have released version 8 of their excellent Autoruns utility. Downloaded.

Piracy as Accepted Practice

Sometimes I feel as if I'm one of the few who think software piracy is a bad thing. I know plenty of good people, that would not break the law in any way, that have no objection to buying or just coming across pirated software/DVDs. This is not a dig at those people (some of whom are good friends): I reckon people should do what they're comfortable with. It's just that, if something's illegal, and it actually hurts people in my industry (it could be me it's hurting), why would I want to do it?

Tejas Patel blogs about a similar feeling when he posts:

I was talking to my friends and their friends last weekend on piracy and telling them that buying licensed copy is a good thing to do. They laughed at me and said licenses are for office and not for home purpose ( Ofcourse I disagree).

I remember once talking to someone who had sold their boxed copy of some software. The conversation got around to whether or not they had taken it off their machine, and the answer was “Of course not. I paid for that!”

At that time I was in the business of writing software that someone would buy. I thought to myself then, that I wouldn't appreciate it if someone took stuff I had written and cracked it so users did not have to pay. That has definitely influenced my views on software piracy.

I don't feel like I'm taking some sort of moral high ground here. I'm just happy to pay for software and entertainment, so I can own it.

OT: Definition for Legacy Code

Roy Osherove quotes a stunning, all-encompassing definition for “legacy code”:

"Before we get started, do you know what 'Legacy Code' means? It's code that works".

(via Bill McCarthy)

I can see how a user of a system would see things that way! I mostly perceive legacy code as being a software millstone that can be improved, yet most often has to be emulated.

Currently My Tabs Are...

Currently open in my browser tabs (and have been for days) are pages on design patterns in .NET, specifically the Observer and Singleton patterns. They're waiting for when I get back to coding - this week I have been working on reports, and next week I'll be giving a presentation to my co-workers and working primarily in SQL Server.

The pages are:

• Using an Observer design pattern to keep multiple forms up to date - this kicked it all off
• Illustrated GOF Design Patterns in C# Part V: Behavioral II
• Exploring the Observer Design Pattern
• Applying Observer Pattern in .NET Remoting
• Design Patterns: Observer

One thing looking at these patterns highlighted for me - there's not that much out there in VB.NET!

Also I enjoyed Greg Low's “SQL Down Under” podcast, and Jason Salas “Digital Pontification” for May 25 (cool link to Beatallica Jason!) although I don't know how much I can listen to - I find I have to keep my concentration up at work, so a podcast becomes either background chatter or a distraction (I still enjoy them when I can, though).

Google on the radar

Going for my MCSD

I started studying for my MCSD and I'm getting ready to sit my first exam at the end of the month - 70-306: Developing and Implementing Windows-Based Applications with Visual Basic.NET and Visual Studio.NET.

I'm nervous about the 170 minutes of tricksy questions, but I'm also nervous as I haven't done one of these exams ever before and I don't know what to expect. I've been preparing by studying Mike Gunderloy's excellent tome, but studying alone and without knowing what exactly is going to be on the test is weird.

Going through Uni helped me realise the value of studying with someone - maybe I'll check out the new online MCSD “TechnoStudy“ Study Group. On the plus side, normally I'm not a nervous exam taker, and I've got time to be thoroughly prepared, so I think I'll be right.

My wife Olivia and I decided that now was a good time to start doing the MCSD after toying with the idea for some time. I was a little sceptical of the whole process - I pay Microsoft to make the technology, then I pay Microsoft to be able to use the technology. Hmmm. But when I finished Uni, I had set myself a goal of reviewing my progress and job goals after 5 years, and the 5 years had elapsed, leaving me wanting to continue to enjoy IT and my job. The MCSD fits in here as a chance to make sure I've covered the basics and the things I might have missed, and also, hopefully, become a bit more advanced and proficient at my trade.

Having Olivia's input is really important to me because Olivia is an at-home Mum with TJ and Maya, and so I need her support as much as she needs mine, and money doesn't flow freely! But I believe that the costs are achievable: around $200 an exam (5 exams total to take), making sure I get good reference material so I can study (Amazon is a big help here), having time to study (my friend Tejas suggested allowing 13 weeks per exam), and hopefully not spending too much time on the computer at home when I should be spending time with family.

I looked into IT Masters, but I felt the cost was a little prohibitive, and the fact I have a Bachelor's Degree in Computing meant that getting a Master's was only a very little step. After talking to one or two people, I got the idea that a Masters in IT was directed at people who have experience in IT and currently work in the industry, but have no formal qualifications. Possibly at some stage in the future I'll be back at Uni studying to be a professor, but for now I'm happy with progress.

So wish me luck for my exam at the end of June...