March 13, 2010

Three ways to tell if a .NET Assembly (DLL) has Strong Named

Posted by Bill Wilder under How To, Programming
1 Comment 

Three ways to tell if a .NET Assembly is Strongly Named (or has Strong Name)

Here are several convenient ways to tell whether a .NET assembly is strongly named. (Note: I assume the form is “strongly named” is more correct than “strong named” since that’s the form used in the output of the sn.exe tool shown immediately below.)

Testing for Strong Name on Command Line or in a Script

You tell whether an Assembly/DLL has been successfully strong-named using the Strong Name Tool (sn.exe) (which can be found somewhere like here: C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\sn.exe) by running the following at the command line:

sn -vf System.Data.dll

Here are the results when running against a strongly named assembly, then one that is not strongly named.

C:\> sn -v C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30128.1
Copyright (c) Microsoft Corporation.  All rights reserved.
Assembly 'C:\...\System.Data.dll' is valid
C:\> sn -v C:\WINDOWS\ismif32.dll
Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30128.1
Copyright (c) Microsoft Corporation.  All rights reserved.
C:\WINDOWS\ismif32.dll does not represent a strongly named assembly

Since the return value from sn.exe is 0 (zero) when the strong name is in place, and 1 (one) if not correctly strong named, you can test for this in a script by examining ERRORLEVEL, as in the following (put it into a text file called “sn-test.bat” for example and run as “sn-test foo.dll”):

@ echo off
if "%1"=="" goto END
sn -q -vf %1 > NUL
if ERRORLEVEL 1 goto NOT_STRONG
:STRONG
echo Has strong name: %1
goto END
:NOT_STRONG
echo Not strong named: %1
goto END
:END

Note that this will tell you whether it has SOME strong name, but does not tell you which one. So this technique is not appropriate for all uses, but might help in, say, an automated script that checks your about-to-be-released assemblies to make sure you remembered to add the strong names to them. (See note below – “Strong Names not for Security”.)

If you need finer-grain control and wish to write low-level code to ascertain the strong-naming status of an assembly, you can do that too.

Viewing Strong Name Details with Reflector

You can load an assembly in RedGate’s .NET Reflector and quickly see the strong name details – or lack thereof for non-strong named assemblies. In the image below, see at the bottom where the strong name string is highlighted. Note that the strong name has four components:

  1. Assembly name (“System.Data” in case of assembly “System.Data.dll”)
  2. Assembly version (“2.0.0.0″ in case of “System.Data.dll”)
  3. Culture (“neutral” in case of “System.Data.dll”)
  4. PublicKeyToken (“b77a5c561934e089″ in case of “System.Data.dll”)

Using Reflector to show strong name

In the next image, see at the bottom where the LACK OF complete name string is highlighted; this assembly does not have a strong name to display, so “Name” field includes a null value for PublicKeyToken.

Reflector shows missing strong name

While you are at it… make Reflector the default program for” launching”  assemblies (actually would need to be for all files ending in the .DLL extension, but Reflector is smart enough to not choke on non-.NET assemblies).

Viewing Strong Name with Windows Explorer

Windows Explorer will not show you the strong name characteristics of an assembly, with one exception – for assemblies in the Global Assembly Cache (GAC), strong name data is included in the Properties dialog. But if  you are examining the GAC, this can be handy.

Windows Explorer (at least on Windows 7) will show you Digital Signatures when present – do not confuse these with Strong Names…

Strong Names Not for Security

Finally, a word of caution… Strong names are about versioning, not about security. Strong names are more about avoiding DLL Hell (which is largely an accidental concern) than about avoiding hackers. Strong names can be hacked, and Microsoft emphasizes that  strong-named assemblies do not give the same level of trust as digitally signing:

Strong names provide a strong integrity check. Passing the .NET Framework security checks guarantees that the contents of the assembly have not been changed since it was built. Note, however, that strong names in and of themselves do not imply a level of trust like that provided, for example, by a digital signature and supporting certificate.

Consider digitally signing your .NET assemblies if it is important to you or your customers that the origin of the assemblies be traceable and verifiable.

 

March 12, 2010

Make Reflector the default action for opening .NET Assemblies in Windows Explorer

Posted by Bill Wilder under How To, Programming
1 Comment 

Many .NET developers know and love the .NET Reflector tool. If you are one of them, consider making Reflector the default action for when you double-click on (i.e., open) a .DLL file. Just like assigning Microsoft Word to open .DOC files, you can assign a program to open your .DLL files. It is easy… Here are the instructions for Windows 7 – for other versions of Windows the process is similar.

1. Download Reflector and install it; remember where it is installed

2. Using Windows Explorer, navigate to any DLL file on your computer

3. Right-click on the DLL and select “Open with…” from the popup menu

4. From the Caution dialog that appears, select “Open with…” (yes, you have to select it twice, once in step 3, again in step 4):

5. From the dialog that appears, choose the second option – “Select a program from a list of installed programs”:

6. Now you will simply need to choose  the “Browse…” button and navigate to wherever it is you installed Reflector.exe, click the “Open” button and you are done.

Now whenever you want to examine a DLL in Reflector, you can double-click on it from Windows Explorer. If you tool around in the command line like I sometimes will do, you can also launch the DLL in Reflector by just “running” it from the command line like you might do for a .txt document to open it in Notepad.

Realize that Reflector can’t do much with a DLL that is not actually a .NET Assembly, but will handle that case gracefully.

 

March 11, 2010

BostonAzure.org “Subscribe to Email List” Form gets UX make-over

Posted by Bill Wilder under UX, Web development on bostonazure.org
Leave a Comment 

There is a “subscribe” form on the Boston Azure web site from which people can ask to be added to  the group’s email list.

I just made some updates to improve the user experience (UX). Here are the changes I made, and I list the handy web resources I used to help me decide (where applicable).

For field labels, I place the label directly above the field it describes. I use <fieldset> and <label> to describe my markup, presumably making it friendly to screen readers. (Credit to templates provided with ASP.NET MVC for making this part easy.) This is the layout that Luke Wroblewski (author of Web Form Design: Filling in the Blanks) recommends in his Best Practices for Web Form Design for scenarios where you want to maximize speed, and the user is likely familiar with the data being requested.

Luke’s work is packed with clear, actionable, useful guidance that is easily applied and backed by user research. A gold mine…

Other recommendations I adopted from LukeW include:

  • Since I have two required fields and three optional ones, I removed the (Required) labels, and stuck with the (optional) ones only.
  • Added field length for optional Notes field.
  • Made the Primary Action of the form (the Subscribe button) green, just like Apple Store (got the idea from UIE mailing).

Also from LukeW, but from a different source (The Apple Store’s Checkout Form Redesign, which I learned of from a UIE mailing):

  • After the form is submitted, the user does not get an immediate email. I made that clear in the resulting text.

More improvements I can make in the future, also based on LukeW, include:

  • Validate the data entered. In my case, this is currently only that a well-formed email address is provided.
  • Provide more context on why data is being requested.
  • Disable the Submit (Subscribe) button after it is clicked to avoid double clicks.

Other changes, outside of LukeW’s guidance:

  • Mentioned “low volume” and “will not spam you” – though also need a privacy policy. Will get to that eventually..
  • Programmatically set focus to the first field in the form when the page is loaded. I used the jQuery technique described here.
  • Dropped “:” (colons) at end of labels while also changing labels text from leading caps style to mixed case (“Job title” instead of “Job Title:”). While not decisive for me, I found an interesting discussion around whether to use a colon in form labels.
  • Made sure users could press Enter at any time to submit – but this will only work if they are not in the single multi-line field on my form. Need to consider removing that field … Need to consult with Joan on that one. :-)

Used semantic mark-up to implement the green Submit (Subscribe) button mentioned above:

Green button that is visually distinctive

Submit (Subscribe) Button

HTML:

<input type="submit" id="primaryaction" value="Subscribe" />

CSS:

#primaryaction
{
 padding: 5px;
 color: #FFFFFF;
 background-color: #267C18;
 font-weight: bolder;
}

Old form:

sign-up form BEFORE the make-over

New form:

The subscribe form AFTER IMPROVEMENT

The AFTER screen shot

 

March 5, 2010

The Project Location is not Trusted – Dealing with the Dreaded Unblock

Posted by Bill Wilder under Programming, Step-by-Step | Tags: |
Leave a Comment 

The Project Location is not Trusted

Dealing with the dreaded blocked files problem

Quickly Unblocking files marked as Unsafe

Ever download a Zip (or other files) and have to manually “Unblock” one or more files through Windows Explorer’s Properties dialog, like this?

Perhaps you been mystified by a message like this one from Visual Studio?

Mysterious Visual Studio error message

Read on to understand what’s happening and to learn how to more easily deal with Unblocking such downloaded files on Windows 7, Vista, and XP.

Why does this happen? Why do files become “Blocked”?

It appears that Internet Explorer (versions 7 and  8, maybe late patches in IE 6) applies the “block” in a stream (see below for more on streams). Some programs handle these “blocked” files more gracefully than others (looks like the latest Adobe PDF reader can read files like this w/o error).

I’ve seen blocking happen when downloading Visual Studio solutions from the web or from an email. I’ve also seen it when downloading documents to disk for use later. You can view the file’s properties in Windows Explorer to see if the block is there (look for the “Unblock” option, as seen above).

Another option is to use Notepad as illustrated in Colin Mackay’s Tip of the Day from nearly a year ago:

notepad MyDownloadedFile.zip:zone.identifier

Of course, substitute your filename in instead of BostonAzureSite.zip, but keep everything else identical. You will see the external zone stream:

[ZoneTransfer]
ZoneId=3

Windows is protecting us from ourselves. I guess if you don’t know what you are doing, you could hurt yourself; you’ve downloaded something “untrusted” from the interweb. This “protection” is in Windows 7 and Windows Vista, and apparently can even appear in Windows XP if certain Microsoft software updates are installed. I assume this has some benefits to someone!

But if you are a programmer / hacker / techie, and are comfortable hacking and generally know what you are doing, read on…

Easily Unblock downloaded files marked by IE as Unsafe

Normally, to Unblock files, you need to visit them one at a time with Windows Explorer, pop up the properties, and click on the Unblock button. This is tedious. If you want to be able to Unblock files more quickly, including whole directory trees at once, then consider doing the following.

Go get streams.exe from the big brains at Systinternals (which is part of Microsoft) and copy the executable to c:\bin\streams.exe. (If you put it somewhere else, make a compensating adjustment in the next step.)

Use Notepad to save the following into a text file named unblock-menu.reg and save it to disk:

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\Directory\shell\UnBlock]

[HKEY_CLASSES_ROOT\Directory\shell\UnBlock\command]
@="c:\\bin\\streams.exe -d -s \"%1\""

[HKEY_CLASSES_ROOT\*\shell\UnBlock]

[HKEY_CLASSES_ROOT\*\shell\UnBlock\command]
@="c:\\bin\\streams.exe -d \"%1\""

What do these Registry Settings do?

This file lists some registry settings that will allow you to invoke streams.exe from the right-click context menu in Windows Explorer. Depending on whether you right-click on a folder or a file, the context menu will vary, as will the action. For a folder (directory), the registry setting says “call the program streams.exe with the parameters ‘-d -s’ and name-of-whatever-folder-i-clicked-on” which will cause streams.exe to visit each file in that directory tree and remove its streams information. If you right-click on just one file, the command is similar, except does not use the “-s” flag (which says to recurse into subdirectories).

Now install these registry settings by executing this file, probably by double-clicking on unblock-menu.reg from Windows Explorer. You will probably get a warning from Windows saying you must be nuts to attempt to modify the registry. However, if you are a programmer you are probably cool with it (and may also be nuts).

Now you are ready for the next time Windows protects you from yourself by blocking content you didn’t want marked as unsafe in the first place. You can right-click on any file or directory on your computer and select “Unblock” and that will apply the Unblock process. If you apply it to a file, it will only impact that file. If you apply it to a directory (aka folder) then it will recursively apply to all files and directories below that folder.

Here’s what you will see when you right-click on a directory / folder from Windows Explorer – note the new option:

And here’s what you will see when you right-click on a file:

Other Options

I learned about the streams.exe utility from a handy post about unblocking files for Vista. In that same post, they describe how to turn the feature off altogether using the Policy Editor.

Caveat Emptor

With great power comes great responsiblility.

I do not advise applying streams.exe to C:\ as I have no idea whether it is ever a good idea to remove all streams from all files. This may in fact be a very bad thing to do. I just don’t know.  I am personally comfortable doing it with Visual Studio projects and various documents I’ve downloaded, and have not run into any trouble, but be careful out there…

Note that the streams utility will nuke *all* the streams. So if your files contain useful additionals streams, this is probably not going to be a helpful strategy. I expect this is not likely to be a problem for the vast majority of people.

Interesting write-up on Alternate Data Streams, which are a feature of NTFS file system. Even some interesting streams hacks out there.

 

March 2, 2010

ASP.NET MVC 1.0 Visual Studio 2008 project will not open in Visual Studio 2010 RC or Beta

Posted by Bill Wilder under Programming
Leave a Comment 

Errors Opening ASP.NET MVC 1.0 Sites in Visual Studio 2010 RC, Beta

If you try to use Visual Studio 2010 RC to open an existing ASP.NET MVC web site that was built on ASP.NET MVC 1.0 under Visual Studio 2008, you might expect it to be converted and to open successfully. That’s what I expected, but that did not happen. Visual Studio 2010 gave me conversion errors.

But.. there is a straight-forward way to migrate your ASP.NET MVC project from Visual Studio 2008 to Visual Studio 2010 RC.

Here’s what you need to do:

1. Uninstall the MVC 2.0 RC (or RC 1) bits that ship with the RC if you’ve already installed Visual Studio 2010 (and you probably have if you are reading this blob post – but refer to Phil Haack’s post for full details)

2. Download the latest MVC 2.0 RC 2 bits and install them into Visual Studio 2010

3. Download the work-in-progress MVC converter tool and run it on your project

4. Open your project in Visual Studio 2010 and it will now be able to complete the conversion

One step in the conversion to Visual Studio 2010 will also ask you if you wish to convert to .NET 4.0:

Since I wish to deploy this site back to a host with .NET 3.5 SP1, I chose No. I am willing to live with deploying the ASP.NET MVC RC 2 bits, but not so with .NET 4.0 as I don’t have control over that (I deploy onto a shared server).

Presumably this will all be integrated and seamless in the final release of Visual Studio. But it worked for me…

 

February 25, 2010

Notes from Curt Devlin on Identity, Claims, and Azure Geneva from 4th Boston Azure Meeting Feb 2010

Posted by Bill Wilder under Azure, Boston Azure User Group, Cloud Computing, Programming
[3] Comments 

Curt Devlin keynotes 4th Boston Azure User Group meeting

Identity, Claims, Geneva, and Trust in the Cloud

This was Boston Azure meeting #4, Feb 25, 2010

(Curt’s slide deck will be made is now available (PPT 2003 format))

Some notes from Curt’s talk:

  • Azure devs need to care about claims-based-identity and federated identity
  • Geneva is Microsoft’s solution in this space
  • Perfect storm of paradigm shifts
  • Caution: Geneva is not a panacea for “Identity in the Cloud”

“The most important thing Microsoft has done in identity since they came out with ActiveDirectory” – and think about how much we rely on AD for enterprise-class apps – “it’s like air”

First two lines of every program (with nod to Kim Cameron):

  1. Who are you?
  2. What are you allowed to do?
  • The answer to the second generally depends on the answer to the first. “Identity” is an input.

Big architectural problem: the ‘net was built w/o any way of knowing who you are connecting to (http has no identity)

  • RBAC (role-based access control) is not as flexible or powerful as claims
  • Any statement that can be validated can be a claim

Microsoft’s Federated Identity Group very focused on standards. To be serious also about Azure, you need to pay deep attention to the key standards.

Azure is only cloud solution REALLY solving the SSO problem in the cloud – and into your data center. Identity must flow…

Geneva Technology stack:

  • Microsoft Federation Gateway (“ADS 2.0 in the sky”)
  • Windows Identity Foundation (some .NET namespaces)
  • Active Directory Federation Services 2.0
  • Windows CardSpace 2.0

Curt will focus for a while in his talk on Windows Identity Foundation…

Consider three parties – Security Token Service, Your App, End User

  1. Secure Token Service <=> Your App – Initial handshake uses WS-Federation (metadata, X-509 cert)
  2. End User <=> Your App – claims via WS-Policy (which Security Token Service(s) I trust)
  3. End User <=> Security Token Service – verify policy
  4. End User <=> Security Token Service – WS-Trust
  5. End User <=> Your App – lots of interactions – signed tokens, claims

ADF 2.0 – same programming model across web and desktop

RP = relying party – someone that consumes tokens

PingIdentity.com

OpenID cannot help with Man-in-the-middle attacks

“Shred the token” is lingo meaning to decrypt a token.

Coded example showing implementation of Passive Federation.

  • Showed the 8 (!) prerequisites
  • Create full-trust app (Since runtime not fully baked in Azure yet – and certainly not yet in GAC)
  • Add a reference to Microsoft.IdentityModel (which is a stronger programming model than older System.IdentityModel)
  • using Microsoft.IdentityModel.Claims;
  • using System.Threading;
  • Then write like 5 lines of code…
  • Subclasses from IIdentity, IClaimsIdentity, IClaimsPrincipal (same ones used in other .NET apps)
  • WIF ASP.NET Processing Pipeline does a lot of behind-the-scenes work for us
  • IsInRole method is key
  • Then in the ASP.NET app, there is some 10 lines of key code for X-509 cert – which contains the URL (or domain, really) of the web site that the cert applies to – a problem with “localhost” and “stage.foo.com” etc. due to mismatch – this goes in Global.asax – plus several other blocks of code…

Now for the STS (which you don’t need if you have ADFS 2.0)

  • There is a Token Service for ASP.NET visual studio template with Geneva install
  • Many coding steps here (see slides)
  • Use FedUtil (which comes with Geneva and VS 2008, VS 2010) to create a trust between your application and your STS
  • There is a lab to create your own STS

Claims-based systems externalized the work of AuthZ, AuthN to your STS – not stuck in your code.

Geneva supports delegation – embedding one token within another…

(21 people at the meeting)

 

February 21, 2010

Curt Devlin to Speak about Identity in the Cloud at Boston Azure Meeting

Posted by Bill Wilder under Boston Azure User Group
Leave a Comment 

Boston Azure meeting to feature Microsoft’s Curt Devlin on Identity in the Cloud

Thursday February 25, 2010 at NERD in Cambridge, MA

The following is an update to the agenda for the upcoming Boston Azure User Group meeting this coming Thursday.

logo for BostonAzure.org

To RSVP for the meeting (helps you breeze through security and helps us have enough pizza on hand), for directions, and more details about the group, please check out http://BostonAzure.org.

To get on the Boston Azure email list, please visit http://bostonazure.org/Announcements/Subscribe.

[6:00-6:30 PM] Boston Azure Theater

The meeting activities begin at 6:00 PM with Boston Azure Theater, which is an informal viewing of some Azure-related video. This month will feature the first half of
Matthew Kerner’s talk on Windows Azure Monitoring, Logging, and Management APIs from the November 2009 Microsoft PDC conference.

[6:30-7:00 PM] Upcoming Boston Azure Events and Firestarter

Around 6:30, Bill Wilder (that’s me) will first show off an interesting CodeProject contest, then will lead a discussion about the future of the Boston Azure user group and the upcoming All-Day-Saturday-May-8th event.

Curt Devlin will take the stage at 7:00 PM.

Before the meeting, if you want a little more context, you may wish to read Kim Cameron’s essay The Laws of Identity, which is an insightful analysis of challenges around Identity.

[7:00-8:15] Featured speaker: Curt Devlin of Microsoft

Photo of Curt Devlin, Architect at Microsoft

Abstract

The Azure platform presents new challenges for identity management. As developers and architects, we will still have to answer the same two perennial questions: 1) Who are you? 2) And what are you allowed to do? But the traditional on-premise approaches to authentication, authorization and identity lifecycle control are not adequate to meet these new challenges. The Geneva suite of technologies for claims-based identity management can be help because cloud computing can be thought of as a “special case” of federation, with many similar requirements. Together these two paradigms appear to be converging to create the perfect storm of paradigm shifts. However, even WIF, ADFS 2.0 and CardSpace 2.0, will only take us part way to a complete solution in the near term. This session will provide a simple recipe for claims-based identity management in Azure using Geneva, discuss some of the most important reasons why this is necessary, and finally some of the shortcomings we will still have to contend with on the road ahead. The aim is to educate, motivate, and caution.

About Curt Devlin

Curt Devlin is currently an architect in Microsoft DPE (Developer & Platform Evangelism) focusing on distributed solutions across many industries and customer segments. Curt is a Microsoft veteran of many technology wars, with more than 20 years of experience developing solutions on the Windows and .NET. platforms. He is also a dyed-in-the-wool New Englander with avid interests in sailing, skiing and nearly everything else.

Curt blogs as the philosophical architect, plus you can check out his MSDN articles Enterprise Authorization Strategy and SaaS Capacity Planning: Transaction Cost Analysis Revisited.

Curt’s blog post announcing his participation in this meeting: http://blogs.msdn.com/curtd/archive/2010/02/23/an-evening-with-identity-in-the-clouds-and-the-boston-azure-user-group.aspx

 

February 7, 2010

Steve Krug on Rocket Surgery Made Easy from Dec 2010 BostonCHI Meeting

Posted by Bill Wilder under Trip Report, UX
Leave a Comment 

Rocket Surgery Made Easy

Steve Krug speaks at BostonCHI

Notes from 08-Dec-2009 meeting

  • Steve’s new book - Rocket Surgery Made Easy - due in bookstores in a couple of weeks – material from this talk will be in his book…
  • Passed a copy of his book around through the audience for quick peek
  • 150 or so people in attendance

Writing process

  1. writing process: collect years of notes
  2. need deadlines to force you to write (and finish)
  3. collect relevant articles for each chapter and post them all on a wall
  4. once you’ve begun to panic, start throwing things overboard
  5. Outline, write, iterate
  6. get help
  7. throw things overboard (save for next book?)
  8. FAQ at the end of every chapter – good idea
  9. Doing usability (vs How to Think About Usability)

Doing Usability

  1. A morning a month – that’s all we ask
  2. Run tests – with whole team – at our site – scheduled monthly and well ahead of time – and debrief immediately after over lunch
    1. maybe do right before iteration planning
    2. company-sponsored lunch
  3. Start earlier than you think makes sense
  4. The sooner you get information, the better use you can make of that information
  5. Don’t wait until the site is “finished” – test it as soon as it is testable
  6. Don’t worry that “you already know about the problems”
  7. If you have nothing built, test other people’s sites
  8. Are you working on the site? –> Yes ==> test now!
  9. Recruit loosely and grade on a curve
  10. Beware implied domain knowledge
  11. Some testing can be done w/o your target audience
  12. Usability testers say many things that are similar to what therapists say – “what did you expect to happen when you did that?”
  13. Keep yourself out of it! It is about the user and what the user being tested is thinking.
  14. Make it a spectator sport
  15. Get everyone to come and watch the test – frequently the observers suddenly just “get it” that they are not their users
  16. Have high quality snacks. Keep the sessions short and compact. Do them on site. Make it easy for everyone to join in, hard to have a good reason to skip it.
  17. Record sessions with Camtasia ($300). Get a good USB desktop microphone ($25). Don’t record user’s face (“useless and distracting”). Use a screen sharing service (like GotoMeeting, $40/month?) to control the UI. High quality audio is important, and should be channeled to the observation room via GotoMeeting or Skype.
  18. Focus ruthlessly on a small number of the most important problems
  19. Serious because everyone will come across them, or serious because for those who do encounter them will be seriously impeded.
  20. Don’t feel you need to come up with the “perfect” fix
  21. Ask everyone in the observation room to write down the three most important issues they observed. These are raised at the debriefing session over lunch.
  22. When fixing problems, always do the least you can do ™
  23. Prioritize the list, then work your way down the list until you run out of time/resources
  24. Sometimes a tweak is better than a redesign – don’t get suckered into a redesign – the perfect is the enemy of the good!
  25. Focus on the smallest change we think we can make to address the problem we observed
  26. Q&A
  27. Remote Testing?
  28. Remote testing is handy – saves travel time, recruiting pool grows, … do over skype or GotoMeeting.
  29. How to get it off the ground? Try a group usability test of competitor’s site – everyone can get behind that. Do one and hope people get enthused about it. Make the cost of swinging by to watch the testing really small.
  30. Be very cautious about asking users how to fix the problems they’ve encountered. “Users are not designers.” “Hopefully you know a lot more than they do about design.” Listen to them, but be careful that they’re ideas are not well thought out. The purpose of testing is to “inform your design intelligence”.
 

January 29, 2010

January 2010 Boston Azure User Group Meeting Notes

Posted by Bill Wilder under Boston Azure User Group
Leave a Comment 

This was the third meeting of the Boston Azure User Group! (You can get on the group mailing list here.)

We watched a clip from the first day of PDC where Ray Ozzie and others talk Azure in the keynote

Discussed idea of an Azure Firestarter event – possibly for May 8, 2010 – and this seems to flow nicely from our scheduled April meeting where Jason Haley is scheduled to talk about getting started programming in Azure, such as with the Azure SDK.

Ben Day spoke on Windows Azure storage. Some quick notes / points from his talk:

  • Relational databases have a schema – all rows in a table have same columns, structure is defined before pouring in any data, data is not repeated (third-normal form breaks out data to appear only once – no redundancy)
  • … database will manage transactions across tables
  • … though mixed with replication can provide performance challenges
  • This changes for Azure Table Storage!
  • … though Azure Table Storage can scale way better – horizontally (“out”) whereas traditional SQL RDBMs tend to scale best vertically (“up”) – to larger boxes – which is more limiting and tends to be more expensive.
  • Do we need to rethink what needs to be transactional? Can we use a simplified transactional model – such as just within one table – or one instance of one table…
  • … compensating transactions are another approach
  • Securely storing data
    • Encrypt (compute is cheap)
    • If you encrypt a key, it won’t work for indexing
    • Search is harder if you encrypt
  • String columns have a 64KB size limit for Table Storage – so reference larger objects in a Blob
  • Unit testability
    • Abstract away you r persistent store, such as with Repository pattern – so you can unit test
    • Encapsulate business logic, such as with Service Layer and Domain Model patterns
    • Extract logic from UI using MVP (Model View Presenter)
    • Use Mock objects
  • Ben will come back to finish the story!

Around 23 attended.

 

January 27, 2010

Since Software is a Business, Architects need to be More than Technologists

Posted by Bill Wilder under Bill gave a talk, Soft Skills
Leave a Comment 

Gave talk at Architect Factory, Part Deux today titled Since Software is a Business, Architects need to be More than Technologists. The slide deck can be downloaded here. The most prominent concept/slide follows:

Technology Skills

Technology + Communications + Business-Awareness = Influential Architect

The overall event was excellent. It was organized primarily by Bryan Tuttle of CodeRight, a Consulting/Training company. Many thanks to Bryan for a job well done!

 

Next Page »