September 21, 2006

Building Connected Systems - Day 4

Ok, my mind is oatmeal now :) but i'm going to blog about today anyway!

Keith did the Workflow WWF (WF) lecture and lab today. In WF:


  • the Activity is the main unit of execution, reuse and composition

  • right now, integration between WF and WCF is not a great developer experience right now (this will improve as the WF and WCF teams have merged to the Connected Systems Division)
After the WF lecture, Keith left us in the very capabable hands of Mr. Fritz Onion who led us through ASP.NET 2.0 stuff for the rest of the day (UI, Data and web parts). After 3 days of solid learning, Fritz was kind to the class and didn't beat on us too much! :)

At the end of the day, Don Smith from the Microsoft Patterns & Practices Team (PAG) came in to talk about the good work they're doing and did demo of the WCF Service Factory. I'm really looking forward to the new build of this tool which supports the RC1 of the .NET 3.0 framework! Don was a blast to listen to and I know the class was glad he came out to talk to us!

One more day! :)
jk
Posted by at No comments:
Labels:

September 20, 2006

Building Connected Systems - Day 3

Today is 'Security Day' with the esteemed Keith Brown leading the class. We talked about lots of WCF-Security stuff, and also a lot about web security.


Some of the more interesting web security things were:


  • The Code Room - Vegas starring Keith Brown et. all.  It is a fun little poke at security on web sites and shows session hijacking and SQL injection.

  • Keith has an excellent set of tutorials about input validation located at http://pluralsight.com/wiki/default.aspx/Keith/InputValidationModules.html. All developers should be using these techniques to improve web site security!

  • Integer overflow in managed code exists in C#!!!! This suprises a lot of people (myself included). Keith recommended turning on checking at a project level, and use the 'unchecked' statment if you really need to 'squeeze' performance and bypass the overflow/underflow checking.

  • I got Keith to sign my copy of The .NET Developer's Guide to Windows Security (ok, a bit nerdy I admit)

  • The Cookies and tamper detection module is excellent!

  • We did a lab on input validation using regular expressions. Here is a good link to the PAG site on common regular expressions. Remember, all user input is EVIL and NOT TO BE TRUSTED!

  • Manageability (instrumentation) often gets overlooked in apps because we're too busy building features. However, when it comes time to debug, it is difficult to impossible to quickly find the problem. The .Net Framework makes it trivial to write to the event log and Windows performance counters and there is no reason not to do it!


My brain is full for today. Time to relax for a bit and get ready for days 4 and 5.


jk

Posted by at No comments:
Labels: ,

Building Connected Systems - Day 2

Day 2 was excellent. Aaron did a demo on the Web Service Software Factory. If you have not seen this, check it out. It is something the PAG team built to help accelerate initial project creation. It creates a solution with multiple projects (web service layer, biz object layer, a mapping layer, and even some test projects). Ther is also one available for WCF, but as of this post there is no a version for RC1 available yet. I strongly encourage y'all to check this out as it seemed very useful! After that We focued on WCF concepts; contracts, serializers, behaviors and bindings. To end the day, Microsoft Connected Systems Division (think: WCF + BizTalk) Archtect Steve Swartz came in and talked about potential future directions. Some interesting comments were:

  • WCF is happy with SOAP or REST

  • MSFT is going to push more services "into the clouds": e.g. there is already a beta STS service available here

  • MSFT is going to try to make BizTalk more of a .Net extension and not a silo of its own.

  • Improve developer tools; e.g. if a developer wants to publish an RSS feed, it should be as simple as instantiating a class and 'start pumping RSS out'.

  • Start thinking about 'claims' in the security space. Check out Kim Cameron's blog for more information.

  • Autonomy is 'a' value - it is not the 'one' correct architecture value. (think: 4 tenets of SOA)

Steve was a blast to listen to; scary-smart guy!


jk

Posted by at No comments:
Labels:

September 19, 2006

A funny from day 2 of class

"WSDL is like the sun; it's great and does a lot of good things for you, but don't look at it too long." - Aaron Skonnard


jk
Posted by at No comments:
Labels:

September 18, 2006

Building Connected Systems - Day 1

Day 1 was good. There are only 16 people in the class (2 Microsofties, and 2 former Microsofties, myself included) which is nice for personal attention and discussion. Today we reviewed SO, Web Services and the existing technology stack (ASMX 2.0, WSE 3.0). A lot of it was just tablesetting and laying the justification groundwork for WCF, WF and BizTalk. Near the end of the day we started on some BizTalk 2006, which will flow into tomorrow (about 1 hour left of the lab). Aaron Skonnard was our instructor. I love listening to people who are passionate and knowledgable about a topic. Some of the more intresting comments were:


  • ".Net Remoting has the least optimistic future of the communication models (ASMX, WSE, Enterprise Services, Remoting & MSMQ)"

  • It would be really interesting to see a WCF Channel for SQL Service Broker

  • The REST vs. SOAP debate: one thing in favor of SOAP is the existing tools (which is likely why Google chose SOAP for their SOAP Search API and not REST

  • Contract first vs. Code first for web services; typically collaberation drives contract first and smaller projects tend to migrate toward code first


I'm really looking forward to Day 2 which will cover WCF.


Early bedtime tonight! :)

jk

Posted by at No comments:
Labels: ,

.NET Campsight: Building Connected Systems

It begins:  http://www.pluralsight.com/courses/CampsightConnectedSystems.aspx


More to come as I have time to post! :)


jk

Posted by at No comments:
Labels:

September 15, 2006

Foo has a name

Nearly every developer has used the word 'Foo', 'Bar' etc...Apparently there is a Wikipedia entry for it: Metasyntactic variable - Wikipedia, the free encyclopedia

jk
Posted by at No comments:
Labels:

Twin Cities Code Camp - Nov 11, 2006

The inaugural Twin Cities Code Camp will be held Nov 11, 2006. Check out the sessions here.

As of this post, 3 other Magenicons will be presenting (Jason Bock, Michael Dunn and Rocky Lhotka). I will be doing a session on using the security features of Indigo Windows Communication Foundation (WCF). Best of all, it's FREE!!!!!! Hope to see y'all there!

jk
Posted by at
Labels: , ,

September 14, 2006

Twin Cities Code Camp

The Twin Cities Code Camp will be Nov 11, 2006. Check out the sessions here.

I will be presenting a session on using the security features of WCF.

come one, come all!

jk
Posted by at No comments:
Labels: , ,

July 12, 2006

Top 10 XML specifications rejected by the W3C

And oldie but a goodie :)

jk
Posted by at No comments:
Subscribe to: Posts (Atom)