Compsoft Flexible Specialists

Compsoft plc

Compsoft Weblog Compsoft Website News Archive Privacy Policy Contact Us  

Thursday, November 08, 2007

Henry Carter: Microsoft Tech-Ed 2007 (Thursday)

This morning was a struggle after the UK party last night and I think there were a lot of tired people in the theatres however the sessions were exactly the right blend of humour and technical depth to keep me awake and alert throughout.

First up was a look at the new Windows Live platform SDK which is being released this week. Basically speaking this means that it will now be much easier and in fact more secure to let applications use the data held within the Live system (Live Messenger/Hotmail contacts and Spaces). The Live platform will hold a list of domains which you allow to have your data and will maintain that list. An application can then simply request access to the data and so long as they are on your list then live will provide them with the data they have requested. This adds functionality to the already present RSS from Spaces as it will allow applications to access private spaces which is currently impossible. Another nice feature that this brings is that you will no longer need to give social networking sites your user credentials in order for them to look at your contacts list and therefore build your network dynamically. You can simply give them permission to see your data and they can ask Microsoft for it.

Next up was a very conceptual talk about the building of an SOA application and the pitfalls to look out for. This was very interesting and the two presenters (Clemens Vasters and Steve Swartz) were a really fantastic double act, very funny but also working together to give a really broad appreciation of the subject and really projecting the wealth of their experience. A pity that they were silenced by the marketing guys about project OSLO but these things happen.

After lunch was a discussion of the top ten things that developers always get wrong and although this was heavily focused towards windows applications it still brought up some good points like using the Windows event log instead of proprietary error logging and scripting changes to the database and including this script in the release of your system rather than forgetting about it and then wondering why your bug fixing release has just broken the world (These are things which we do atm). This was very nice as a proof that what we do is right and nice to see that so many people had turned up to find out how to make their code and procedures better. Reassuring in a world where the daily WTF has such a wealth of choice for content.

The next session was web application security which was a really interesting demonstration of some of the possible ways to exploit systems if they have been architected badly. There was then a discussion of methods and architectures which would avoid these exploits from being possible in our systems. This was certainly useful and really fun to see just how easy it is in some cases to access data, and elevate your permissions on a server. Most of these I am happy to see wouldn’t be possible in the systems which we have been producing but it is really nice to see the ways in which we need to think when designing systems and also the tools and techniques which are available to test our code for possible exploits will be really useful when preparing our systems for deployment.

Last session of the day was a continuation of the SOA talk which I had attended this morning. This time however it was a practical example and demo of the ideas and architecture discussed earlier in the day. This really helped me to see the implementation and in fact the true power of the concepts described. I can really see the benefit of writing systems in this way and feel that they will definitely play a huge part in the way system development evolves over the next few years. Really exciting stuff.

Labels:

0 Comments:

Post a Comment

<< Home