Compsoft Flexible Specialists

Compsoft plc


Monday, November 13, 2006

Neil Bostrom: Microsoft TechEd (Friday)

Attacking and Defending ASP.NET Applications
This session provided a valuable insight into some of the small mistakes you can make in your applications that can be exploited, with SQL injection, cross-site scripting and malformed URLs being some of the common ones. The key point raised was not to trust user input, whatever form it takes: query string, form input, URL or cookies. Validate any input and always assume it's malicious until proven safe.

Membership and Profiles in ASP.NET 2.0
The new membership object model that was introduced in ASP.NET 2.0 is extremely flexible and provides a lot of functionality out of the box. All the controls can have their HTML customized as well as just setting the CSS classes. The provider model that plugs into the back end also allows almost complete customization.

A Distributed Solution with .NET 3.0
This was a practical session using all the new technology: WCF, WPF and WF. The speaker had created a media library application with multiple front ends using WCF to communicate with a single server application. The application also demonstrated streaming video using WCF, but required some custom handlers, as streaming is not provided out of the box.

OlyMars
Take one crazy French guy that works at Microsoft and an awesome idea on how to take generation to the next level and you have OlyMars. It's a template-based generation system that comes with a bunch of inbuilt templates supporting ADO.NET, Presentation Controls and even Documentation. The framework that has been put in place is extremely well made and gives you incredible control on what you generate and where.
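
To illustrate the "never trust user input" point from the Attacking and Defending ASP.NET Applications notes above, here is an added example (not code from the session or from this weblog). The class, the Products table, the "displayName" cookie and the parameter names are all constructed for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;
using System.Web;

// Added example: hypothetical helper; table, column, cookie and parameter names are constructed.
public static class UntrustedInput
{
    // Allow-list for a display name: letters, digits and spaces, 1-40 characters.
    // \z anchors at the true end of input, so a trailing newline is rejected.
    private static readonly Regex NamePattern = new Regex(@"^[A-Za-z0-9 ]{1,40}\z");

    // Query string values are attacker-controlled: parse to the expected
    // type and range, and reject everything else.
    public static bool TryGetProductId(HttpRequest request, out int id)
    {
        return int.TryParse(request.QueryString["id"], out id) && id > 0;
    }

    // Cookies are just as untrusted as form fields; validate against the allow-list.
    public static bool TryGetDisplayName(HttpRequest request, out string name)
    {
        HttpCookie cookie = request.Cookies["displayName"];
        name = cookie == null ? null : cookie.Value;
        return name != null && NamePattern.IsMatch(name);
    }

    // Vulnerable form, shown only for comparison:
    //   "SELECT Name FROM Products WHERE Id = " + request.QueryString["id"]
    // Hardened form: the value travels as a typed parameter, never as SQL text.
    public static string LoadProductName(string connectionString, int id)
    {
        using (SqlConnection conn = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand("SELECT Name FROM Products WHERE Id = @id", conn))
        {
            cmd.Parameters.Add("@id", SqlDbType.Int).Value = id;
            conn.Open();
            object result = cmd.ExecuteScalar();
            return result == null || result == DBNull.Value ? null : (string)result;
        }
    }

    // Encode on output so markup in stored or reflected data renders as text.
    public static string ForHtml(string value)
    {
        return HttpUtility.HtmlEncode(value ?? string.Empty);
    }
}
```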


Thursday, November 09, 2006

Neil Bostrom: Microsoft TechEd (Thursday)

Asynchronous ASP.NET Programming
It turns out that threads inside ASP.NET worker process are like hot pokers, you don't want to hold them for long!

Using asynchronous programming in ASP.NET, you can free up more time for the worker threads to do other work (like take more requests). The biggest wait times in your system are always external IO (database calls, web service calls, file writing etc.). Moving this kind of work to asynchronous calls allows so many more requests to be processed by your application.

The three main ways to accomplish asynchronous programming in ASP.NET are:

Asynchronous Pages
By adding Async="true" to the page header, extra event handlers are available on the page to allow you to wire up asynchronous events.

Asynchronous HTTP Handlers
Handlers are ideal for pulling images from databases or doing general file type actions. HTTP handlers are more lightweight than standard aspx pages as they do not need to load the page control tree model.

Asynchronous HTTP Modules
Modules allow you to control any part of a request coming in or going out. This has the same asynchronous model as the handlers.

Internet Information Services 7 (IIS 7)
A new version of IIS has been developed for Windows Vista and "Longhorn". Building on the success of IIS 6 with regard to security and reliability, IIS 7 takes it one step further by splitting out most of the functionality of IIS into modules. This means you only need to load the modules you need. So if you're just hosting HTML pages, just load the static content module and nothing else. This makes the attack surface of IIS 7 much smaller than any previous version. Microsoft has also given IIS a new interface that integrates into Visual Studio and can also be accessed remotely. All the settings are stored using the same mechanism as ASP.NET, in .config files. These XML settings files allow settings to be overridden at any level, or blocked from being overridden. This makes for a flexible configuration model that IIS has been missing for years.

Continuous Builds
Continuous builds are such an important part of Agile programming that a lot of tools are now being released to support this need. We currently use NAnt with a custom tool for continuous integration. During this session we were shown some of the other players and their capabilities. FinalBuilder seems to be a well-established tool with good support for all the common tasks. It has a small licence fee but nothing compared to the huge cost of Team System Foundation Server (TSFS).

Team System Foundation Server is a new Microsoft offering. It's probably one of the less complete products but it is trying to do a lot of jobs (Unit Testing, Build, Code Coverage, Source Control, Document Versioning, Bug Tracking and Project Management features). Saying TSFS is big is an understatement. The optimal configuration for TSFS is like 4 separate servers. This is a big expense, let alone the licensing costs.


Wednesday, November 08, 2006

Neil Bostrom: Microsoft TechEd (Wednesday)

LINQ More Questions
We had another session on LINQ this morning covering much of what we have seen before. There was a lengthy Q&A slot at the end of the session, giving us a good chance to raise our questions on LINQ. Our main question was on how you control population of related objects to optimise the number of SQL calls made. This was always the biggest drawback we faced with using Gentle.NET. This seems to have some nice solutions in LINQ, with declarative control over what is pulled back in your SQL calls.

Windows Presentation Foundation (WPF) In Web Applications
I was interested in joining this session to find out what kind of support WPF has for the web. Turns out it is very limited, being only supported on IE7, and you have to have the framework 3.0 installed. It has almost no integration with your existing web applications.

However, planned at the end of the development is a product code-named WPF/E (for everywhere). This is a cut down version of WPF that is planned to be shipped on most current platforms and browsers as a Flash-like plug-in. This could make for a very powerful addition to web development.

Hardcore .NET Production Debugging
This was a fantastic session covering some of the most advanced tricks to debugging memory leaks, crashes, application hangs and threading issues. It highlighted some of the great tools available to debug your applications on production servers. The most interesting point was on what you could do with crash dump files. These files had always interested me and I wanted to know more about making the most of them.

Dot NET Rocks!
This session was a live recording for the popular Dot Net Rocks show. Turns out the topic for this show was one very close to my own heart: Agile development. The Dot Net Rocks team had managed to dig up three very good experts on the topic and it made for a heated show covering really good tips on getting Agile development working for you in your company. We have already started using most of the important Agile features (Unit testing and Continuous builds). This puts us in a very strong position to maybe try to pick up some of the other Agile features (XP Programming, The Planning Game, Sprints or Scrum Meetings).

Patterns for Service-Oriented Architecture (SOA)
This session was a do's and don'ts on web services for creating an SOA. Ron Jacobs was clearly a very experienced speaker in this field and brought across the issues very well. Here is a highlight of his points:

Do's:
  • Make very strongly typed web services for business processes
  • Try to version your service objects if you have to change them with existing clients
  • A good design plan is to base your interface on the mental image of moving documents around an office, make it feel right
  • Try not to think of web service calls as methods but more business processes
Don'ts:
  • Make very general interfaces into your services, e.g. DoEverythingMethod
  • Use internal objects as part of your interfaces
  • Create a chain of web service calls, as these would add a dependency of the client calling the methods correctly


Tuesday, November 07, 2006

Neil Bostrom: Microsoft TechEd (Tuesday)

ASP.NET AJAX
Previously known as "Atlas", this is Microsoft's open source implementation of AJAX. When I say open source, the client scripting is open source and is compatible with all major current browsers (IE, Firefox, Netscape and Safari - even on the Mac). This client scripting is being developed by the community in an open source fashion.

Server side scripting for this technology is Microsoft's usual closed source but is only compatible with ASP.NET so no real reason to make it open source. A lot of the server side work is drag-and-drop; you can change most of your existing code to start using the power of AJAX (when appropriate).

Neat features with this AJAX framework are that it will plug straight into existing web services, and has bridging code to allow AJAX script to seamlessly call current web services.

SQL Server 2005: Advanced Indexing Strategies
All of this session made me see that I need to learn a lot more about SQL Server, and soon!

The summary of this session was: try to always have a clustered index on your standard tables. Try to make the clustered index narrow (limited fields), unique (identity field, datetime / identity or GUID) and small (Identity). Sometimes the best non-clustered indexes are the ones that cover a lot of fields. This gives the SQL optimizer a bunch more options.

Kimberly Tripp knows her stuff and is incredibly passionate about SQL Server and all it entails. She has made a bunch of online webcasts discussing almost every aspect of SQL Server and getting the most out of it. As soon as I get back to the office I will be downloading them all!

Language Integrated Query (LINQ) Framework
I personally believe this is the best thing to come out of TechEd: It's Gentle.NET on steroids backed by Microsoft. It's a well thought through framework for querying almost anything inside .NET. Objects in memory, you want to filter them? Job done. Sort, group, aggregate? Job done. You want to do all that with data from SQL Server? Job done. You want to do all that with XML documents / web services? Job done.

I believe this will fundamentally change how I write my code and I'm picking up a copy as soon as I can!

Visual C# IDE Tips and Tricks
Class Diagrams - You can drag framework classes into the class diagrams to explore them in more detail
Refactoring - All the refactoring in C# is code snippet based, meaning you can change the refactoring to suit your needs
Debugging - You can control more closely what is debugged and how it's displayed using the Debugger attributes available in the framework


Thursday, November 02, 2006

IE 7

Last night I received the usual Windows Update icon. I had a quick click to see what security hole they were fixing this time. To my shock and disappointment it was sending me IE7!!?!

At 15MB this isn't any usual security fix. IE7 has been completely rewritten to try to support as many of the new emerging standards as possible. The problem with this is it breaks so many existing sites, corporate intranets and e-commerce applications. For any corporation or even individual to move to this browser is a bold move. This is what makes shipping it as a critical update such a shock!

At the end of the day, we don't really have that much choice but I think I'll put this update off for a couple of weeks.


Thursday, September 07, 2006

Windows Vista is looking promising

Windows Vista RC1 seems to be making a good impression. The biggest issue people had with the previous releases was stability. This seems to have been improved and it's now almost a usable operating system.

I've personally been put off testing the OS due to the stability issues. Now this is becoming less of an issue, it may be time to create some VMs to see how it holds up.
