September 29, 2006

Time wasters for today

Sometimes we all need to dis-engage the mind for a bit.

Isaac, the QA engineer on our project team, has a knack for finding fun diversions:

Line Rider
Flash laser game


September 26, 2006

Lost email, culture and hiring

Someone was kind enough to email from this blog after reading a post asking about Magenic culture and what it's like to work here. I apologize for not replying, but I (insert embarrassed smiley face here) lost your email.

Please feel free to send another email and I would be happy to talk to you!

This brings up a good topic; in case you're aggregating this feed and don't visit the site, Magenic is always looking for good people. Check out the Careers page for more info.


September 25, 2006

IIS 7 Resources

Last week while I was in training, Eric Deily, a Program Manager on the IIS 7 team, came in to talk about the work they are doing. I tried to take good notes to pass along!

  • They have their own web site with code samples/demos/forums. Eric says the product team members actively monitor and watch the forums.

  • There is a link to the feature matrix  

  • There is a much better extensibility story. Developers will be able to swap in/out components. e.g. if you don't like how the static file handler works, you can write your own and replace the one that ships with IIS (via config)

  • That beast Metabase.xml is going away, replaced with a much better configuration UI and XML structure (much rejoicing there)

  • For those using PHP, there will be a module to support you

  • CGI is turned off by default (in the spirit of reducing your attack surface area)

  • It has web services exposed for remote server config (no more DCOM here) secured via Transport Layer Security (TLS/HTTPS)

  • Appcmd.exe will replace the admin scripts

  • They are VERY concerned with backwards compatibility - no web site left behind :)

  • Inetfino.exe is not installed unless you install the "IIS 6 management compatibility" component. This is a BIG CHANGE if you have scripts/developers who use iisreset on a regular basis.

  • Much more diagnostics/tracing built in. You will be able to do a dump at the app domain level if needed.

  • Microsoft PSS helped write more detailed error messages with suggested courses of action

  • You can play with this before Vista/Longhorn server comes out at

  • IIS7 will NOT BE on SERVER 2003. Eric said this was a technical limitation, not a marketing one!

  • For Longhorn Server, the team is focusing on the server-farm scenario

  • Eric did a very cool demo/sample at of writing your own module to replace the directory browser to build a photo gallery type of feature!


September 22, 2006

Building Connected Systems - Day 5 (the last day)

WOW, what a great week; this was a top-notch experience all-around!

Kudos to Pluralsight for putting on a great class. Covering this many topics in a week is a tall order but they pulled it off admirably!

The class was held at the Redmond Marriott Town Center where we received first class treatment and accommodations. I hope Pluralsight is able to keep using this location for future events.  (As a bad pun, their employees were very 'service oriented') :)

Clearly, Pluralsight has some of the best instructors in the industry (which is why I wanted to come here in the first place; if you're going to spend time and money on training, it had better be good training!).

Today, we're down to the eye-candy topics: WPF, Fritz did an AJAX demo with Atlas.

From a personal standpoint, I got to see my friend Brian (a Microsoftie) a couple times. Eric Deily from the IIS7 team came out to talk about features of IIS 7.0 which was very intresting. The IIS7 team has spent a great deal of effort in allowing you to swap in/out modules via config at a server->application level. This helps an admin pare down the server features to reduce attack surface, which is a good thing. If you want to write your own modules, you can swap out the built-in ones with your own (e.g. if you think you can build a better static content handler, go-for-it)!

Please feel free to email me (jeffk at Magenic dot com) if any of the blog posts about this week raise questions, etc...espically the areas of WCF and security!

It's fun being here in Seattle, but I'm realy looking forward to getting home again!


September 21, 2006

Building Connected Systems - Day 4

Ok, my mind is oatmeal now :) but i'm going to blog about today anyway!

Keith did the Workflow WWF (WF) lecture and lab today. In WF:

  • the Activity is the main unit of execution, reuse and composition

  • right now, integration between WF and WCF is not a great developer experience right now (this will improve as the WF and WCF teams have merged to the Connected Systems Division)
After the WF lecture, Keith left us in the very capabable hands of Mr. Fritz Onion who led us through ASP.NET 2.0 stuff for the rest of the day (UI, Data and web parts). After 3 days of solid learning, Fritz was kind to the class and didn't beat on us too much! :)

At the end of the day, Don Smith from the Microsoft Patterns & Practices Team (PAG) came in to talk about the good work they're doing and did demo of the WCF Service Factory. I'm really looking forward to the new build of this tool which supports the RC1 of the .NET 3.0 framework! Don was a blast to listen to and I know the class was glad he came out to talk to us!

One more day! :)

September 20, 2006

Building Connected Systems - Day 3

Today is 'Security Day' with the esteemed Keith Brown leading the class. We talked about lots of WCF-Security stuff, and also a lot about web security.

Some of the more interesting web security things were:

  • The Code Room - Vegas starring Keith Brown et. all.  It is a fun little poke at security on web sites and shows session hijacking and SQL injection.

  • Keith has an excellent set of tutorials about input validation located at All developers should be using these techniques to improve web site security!

  • Integer overflow in managed code exists in C#!!!! This suprises a lot of people (myself included). Keith recommended turning on checking at a project level, and use the 'unchecked' statment if you really need to 'squeeze' performance and bypass the overflow/underflow checking.

  • I got Keith to sign my copy of The .NET Developer's Guide to Windows Security (ok, a bit nerdy I admit)

  • The Cookies and tamper detection module is excellent!

  • We did a lab on input validation using regular expressions. Here is a good link to the PAG site on common regular expressions. Remember, all user input is EVIL and NOT TO BE TRUSTED!

  • Manageability (instrumentation) often gets overlooked in apps because we're too busy building features. However, when it comes time to debug, it is difficult to impossible to quickly find the problem. The .Net Framework makes it trivial to write to the event log and Windows performance counters and there is no reason not to do it!

My brain is full for today. Time to relax for a bit and get ready for days 4 and 5.


Building Connected Systems - Day 2

Day 2 was excellent. Aaron did a demo on the Web Service Software Factory. If you have not seen this, check it out. It is something the PAG team built to help accelerate initial project creation. It creates a solution with multiple projects (web service layer, biz object layer, a mapping layer, and even some test projects). Ther is also one available for WCF, but as of this post there is no a version for RC1 available yet. I strongly encourage y'all to check this out as it seemed very useful! After that We focued on WCF concepts; contracts, serializers, behaviors and bindings. To end the day, Microsoft Connected Systems Division (think: WCF + BizTalk) Archtect Steve Swartz came in and talked about potential future directions. Some interesting comments were:

  • WCF is happy with SOAP or REST

  • MSFT is going to push more services "into the clouds": e.g. there is already a beta STS service available here

  • MSFT is going to try to make BizTalk more of a .Net extension and not a silo of its own.

  • Improve developer tools; e.g. if a developer wants to publish an RSS feed, it should be as simple as instantiating a class and 'start pumping RSS out'.

  • Start thinking about 'claims' in the security space. Check out Kim Cameron's blog for more information.

  • Autonomy is 'a' value - it is not the 'one' correct architecture value. (think: 4 tenets of SOA)

Steve was a blast to listen to; scary-smart guy!


September 19, 2006

A funny from day 2 of class

"WSDL is like the sun; it's great and does a lot of good things for you, but don't look at it too long." - Aaron Skonnard


September 18, 2006

Building Connected Systems - Day 1

Day 1 was good. There are only 16 people in the class (2 Microsofties, and 2 former Microsofties, myself included) which is nice for personal attention and discussion. Today we reviewed SO, Web Services and the existing technology stack (ASMX 2.0, WSE 3.0). A lot of it was just tablesetting and laying the justification groundwork for WCF, WF and BizTalk. Near the end of the day we started on some BizTalk 2006, which will flow into tomorrow (about 1 hour left of the lab). Aaron Skonnard was our instructor. I love listening to people who are passionate and knowledgable about a topic. Some of the more intresting comments were:

  • ".Net Remoting has the least optimistic future of the communication models (ASMX, WSE, Enterprise Services, Remoting & MSMQ)"

  • It would be really interesting to see a WCF Channel for SQL Service Broker

  • The REST vs. SOAP debate: one thing in favor of SOAP is the existing tools (which is likely why Google chose SOAP for their SOAP Search API and not REST

  • Contract first vs. Code first for web services; typically collaberation drives contract first and smaller projects tend to migrate toward code first

I'm really looking forward to Day 2 which will cover WCF.

Early bedtime tonight! :)


.NET Campsight: Building Connected Systems

It begins:

More to come as I have time to post! :)


September 15, 2006

Foo has a name

Nearly every developer has used the word 'Foo', 'Bar' etc...Apparently there is a Wikipedia entry for it: Metasyntactic variable - Wikipedia, the free encyclopedia


Twin Cities Code Camp - Nov 11, 2006

The inaugural Twin Cities Code Camp will be held Nov 11, 2006. Check out the sessions here.

As of this post, 3 other Magenicons will be presenting (Jason Bock, Michael Dunn and Rocky Lhotka). I will be doing a session on using the security features of Indigo Windows Communication Foundation (WCF). Best of all, it's FREE!!!!!! Hope to see y'all there!


September 14, 2006

Twin Cities Code Camp

The Twin Cities Code Camp will be Nov 11, 2006. Check out the sessions here.

I will be presenting a session on using the security features of WCF.

come one, come all!