Monthly Archives: March 2010

At New England Code Camp #13, Gave Talks on Azure and Prism

At today’s New England Code Camp #13, I gave talks on Azure and Prism.

1. Azure Talk

2. Prism Talk

Intuit and Azure – Better Together

The March 25th Boston Azure cloud user group meeting line-up includes the following:

6:00 – 6:45 PM – LAPTOP TIME! – if your laptop is capable of running IIS 7.x, bring it and we’ll help you configure it so you can program against Windows Azure. If you are already configured, come for LAPTOP TIME anyway and help out the others – or submit an entry to the Azure Code Project contest.

(pizza + salad will arrive during LAPTOP TIME)

6:45 – 7:00 – MAIN MEETING BEGINS with the Azure Update from Mark Eisenberg of Microsoft. Any questions about what’s happening with Azure? Want to hear some of the recent announcements? What’s moving and shaking in the Azure world? Join us at 6:45 to stay plugged in.

7:00 – 8:15 – INTUIT PARTNER PLATFORMIntuit‘s Alex Barnett (Group Manager for Developer Relations) and his colleague Jarred Keneally (Developer Relations Engineer) will talk about the Intuit Partner Platform, the fantastic synergy with Windows Azure, the recently announced agreement between Microsoft and Intuit, and the opportunity for developers.

8:15 – 8:30 – WRAP UP – Boston Azure announcements, SWAG/Give-Aways, and Update on the Azure Firestarter we will be hosting on Saturday May 8th at NERD (all day learning event).

Please RSVP to help us with the list for front-desk security and to make sure we order enough pizza and salad. Hope to see you there!

Getting Started with Windows Azure Development

This is an update from an old post on Azure Development Requirements, this time focused on a reasonable stack of tools for Azure development. (The structure is based on list from Jason Haley which he prepared for a talk to the April 29, 2010 meeting of the Boston Azure cloud computing user group.)

How-To Configure an Azure Development Environment

0. Operating System Running IIS 7.x

No way of getting around the need for a Windows operating system that runs IIS 7.0 or IIS 7.5 — either directly or indirectly (see note below on using virtualization).

The operating system versions that support IIS 7.0 include:

  • Vista Business Edition and Ultimate

The operating system versions that support IIS 7.5 include:

What happens if I don’t have Vista, Win 7, or Server 2008?

There is one other hope. Use Virtual PC (or your favorite virtualization solution) and run an instance of a supported operating system in a virtual mode. (This blog post on creating a virtual machine image for Windows 7 using Virtual PC 2007 may help.)

Once you have an operating environment – real or virtual – the rest is the same.

How do I enable IIS 7.x to run?

If you are running a desktop version of Windows (Vista or Windows 7), it is likely you need to enable IIS through the control panel. Here are step-by-step instructions for enabling IIS 7.5 on Windows 7.

If you are doing this to prepare for the April 29 Boston Azure or the May 8th Firestarter meeting, please make sure you have enabled IIS7 with ASP.NET and have WCF HTTP Activation enabled.

1. Visual Studio

You need a copy of Visual Studio that supports Azure development. Currently your options are Visual Studio 2008 SP1Visual Studio 2010 (many editions), and Visual Web Developer 2010 Express Edition.

If you don’t know which version of Visual Studio to install, go with Visual Web Developer 2010 Express Edition (which is also free).

2. Windows Azure Tools and SDK

Download and install Windows Azure Tools for Microsoft Visual Studio 1.1 (Feb 2010) – this includes the Windows Azure SDK (and its samples)

Pay special attention to the first note at the top of that post:

Visual Studio must be run as an Administrator

You must run Visual Studio with elevated permissions when building Cloud Services for Windows Azure.

It is possible to create a shortcut that will launch Visual Studio with administrative permissions by setting the “Run as Administrator” checkbox in the Advanced Properties page of the Shortcut tab; this is available from the Properties menu option off of the context menu.

3. Microsoft SQL Server

A local installation of SQL Server is needed for local development work involving SQL Azure, Azure Table Storage, or Azure queues.

You only need to do this step if you didn’t install a version of SQL Server during Step 1 (above) while installing Visual Studio.

If you do not have a paid license for SQL Server, your best bet is to download a free copy of either Microsoft SQL Server 2005 Express or Microsoft SQL Server 2008 Express.

If you don’t know which version of SQL Server to install, go with Microsoft SQL Server 2008 Express (which is also free).

4. Windows Azure Platform Training Kit

At least for the April Boston Azure meeting, you will  also need the Windows Azure Platform Training Kit (Dec 2009 update) since Jason Haley (the main speaker) will assume we have this installed so he can reference it during the meeting.

5. Future Optional Extra Credit Tools

Once you have deployed to the cloud, you may also be interested in:

  • Fiddler (for IE) and Firebug (for Firefox) to spy on http traffic going back and forth to a deployed Azure app
  • What else?

6. Do You Have a Token?

If you are lucky enough to have a token for free (though time-limited) access to Azure services in the cloud, here’s How to Redeem an Azure Token.

Software Development Lessons from the Movie Industry

Which is more important: Good People or Good Ideas?

The following video of a talk by Edwin Catmull, Ph.D., President of Pixar, is loaded with insights from the Movie Industry (specifically Pixar Animation Studios) that are applicable to those of us in Software Development – in fact, applicable to those of us in any team-oriented endeavor of any complexity. Every technologist who works on a team should listen to the talk. Then listen again. Any place where he talks about movies, substitute Software Development (or your team-oriented, complex vocation of choice) and think about how it applies to you.

Dr. Catmull ultimately answers the question of which is more critical: good people or good ideas? In doing so, he concludes unequivocally that People are more important, but doesn’t stop there – it is really those People on Effective Teams that makes the difference.  He also peppers the talk with interesting insights, such as competitors (in all industries) are always copying ideas – but often they copy the wrong ones – they tend to copy only ideas that were previously well executed (and, thus, usually successful), but should perhaps pay more attention to the far more numerous good ideas that were poorly executed.

Successful products have got thousands of ideas. There’s all sorts of things necessary for it to be successful. And you have to get most of them right to do it. That’s why you need a team that works well together.
-Ed Catmull, Ph.D., President, Pixar Animation Studios

I stumbled across the video when reading a post by Jeff Atwood admonishing us to Cultivate Teams, Not Ideas; Jeff’s post is also worth a close read.

Notes and Quotes

Notes I took of Ed Catmull’s illuminating talk follow – mostly direct quotes (prefaced with where in the video it occurs):

  • @ 10:45 “We had confused the orgizational structure with the communication structure – a very common thing that happens to a lot of companies. They are different.”
  • @ 13:30 “success hides problems
  • @ 15:25 (on doing “A” bug’s life and “B” toy story/direct-to-video) “We shouldn’t be thinking that it’s okay to be doing something that isn’t great.” (so they stopped the non-great ones)
  • @ 21:55 “What’s the central problem, finding good ideas or finding good people?” – answer is very clear:
  • @ 22:07 Teams are more important than ideas: “If you have a good idea and you give it to a mediocre group, they’ll screw it up. If you give a mediocre idea to a good group, they’ll fix it, or they’ll throw it away and come up with something else.”
  • @ 22:27 “We think about ‘an idea’. When we think of ideas for movies, we think about ideas for products. And it’s usually thought of as some singular thing. But the reality is, these successful movies – as well as successful products – have got thousands of ideas. There’s all sorts of things necessary for it to be successful. And you have to get most of them right to do it. That’s why you need a team that works well together.
  • @ 23:49 On teams that function well together as a key competitive driver.”On the way we measure progress, is on how well that team gets together.”
  • @ 23:57 “The first time you do it, it’s a mess.”
  • @ 24:07 “The only failure is if you don’t learn from it – if you don’t progress. So the way you measure it, is this team functioning well together? And it’s a thing that’s never let us down. When that team functions well together they will succeed. When things are going wrong, they will fail.
  • @ 25:00 “People like to copy the wrong things.”
  • @ 25:25 “They always remake good movies. And rarely do they beat the good movie. But the fact is, there are thousands of movies out there that are actually great ideas, but are poorly executed. They should be remaking bad movies.”
  • @ 25:38 “How does it happen with products – the ones that do better are the ones just copy somebody else’s good product, they actually take the thing that’s going wrong and fix that. That’s the better idea.”
  • @ 25:52 “They could copy the technology, but they couldn’t copy the process we were using to come up with the story.”
  • @ 28:07 (on post-mortems) “Get a lot of facts about the process. When you put the facts up, and you are fact driven, it actually stimulates discussion. And it’s those discussions that are very valuable.”
  • @ 28:39 “Summarize a few of the things we’ve learned:
    1. Constant review
    2. It must be safe for people to tell the truth
    3. Communication should not mirror the organizational hierarchy
    4. People and how they function is more important than ideas
    5. Do not let success mask problems; do a deep assessment.”
  • @ 29:55 “Everybody says that the story is the most important thing, even if the story was drivel. It might be true – in fact, it is true – but it doesn’t effect behavior.”

Three ways to tell if a .NET Assembly (DLL) has Strong Name

Three ways to tell if a .NET Assembly is Strongly Named (or has Strong Name)

Here are several convenient ways to tell whether a .NET assembly is strongly named(English language note: I assume the form “strongly named” is preferred over “strong named” since that’s the form used in the output of the sn.exe tool shown immediately below.)

Towards the end, this post discusses use of Strong Names with Silverlight.

Then in the final section of this post the often confusing – though very important – differences between Strongly Named assemblies and Digitally Signed assemblies are clarified.

But first, here are three approaches for telling whether a .NET Assembly is Strongly Named...

Approach #1: Testing for Strong Name on Command Line or in a Script

You tell whether an Assembly/DLL has been successfully strong-named using the Strong Name Tool (sn.exe) (which can be found somewhere like here: C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\sn.exe) by running the following at the command line:

sn -vf System.Data.dll

Here are the results when running against a strongly named assembly, then one that is not strongly named.

C:\> sn -v C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\System.Data.dll
Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30128.1
Copyright (c) Microsoft Corporation.  All rights reserved.
Assembly 'C:\...\System.Data.dll' is valid
C:\> sn -v C:\WINDOWS\ismif32.dll
Microsoft (R) .NET Framework Strong Name Utility  Version 4.0.30128.1
Copyright (c) Microsoft Corporation.  All rights reserved.
C:\WINDOWS\ismif32.dll does not represent a strongly named assembly

Since the return value from sn.exe is 0 (zero) when the strong name is in place, and 1 (one) if not correctly strong named, you can test for this in a script by examining ERRORLEVEL, as in the following (put it into a text file called “sn-test.bat” for example and run as “sn-test foo.dll”):

@ echo off
if "%1"=="" goto END 
sn -q -vf %1 > NUL 
if ERRORLEVEL 1 goto NOT_STRONG
:STRONG
echo Has strong name: %1
goto END
:NOT_STRONG
echo Not strong named: %1
goto END
:END

Note that this will tell you whether it has SOME strong name, but does not tell you which one. So this technique is not appropriate for all uses, but might help in, say, an automated script that checks your about-to-be-released assemblies to make sure you remembered to add the strong names to them. (See note below – “Strong Names not for Security”.)

If you need finer-grain control and wish to write low-level code to ascertain the strong-naming status of an assembly, you can do that too.

Approach #2: Viewing Strong Name Details with IL DASM

Visual Studio ships with a handy utility – the Microsoft Intermediate Language Disassembler (ILDASM.EXE (tutorial)) – which can be used for disassembling .NET binaries to peruse the contents, perhaps for viewing the method signatures or viewing the .NET Assembly Manifest. It is helpful to load an assembly using IL DASM and examine the manifest to see whether there is a strong name key available. Your first step is to load the desired Assembly using the ildasm.exe utility. On my Windows 7 machine, IL DASM is found at

C:\Program Files\Microsoft SDKs\Windows\v7.0A\bin\ildasm.exe

and you can load up the System.Drawing.dll .NET Assembly as in the following example:

C:\> ildasm C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll

Once loaded, you will see a screen like the one below.

Note the MANIFEST section highlighted. Double-click on MANIFEST which load the following screen of manifest-specific data:

Find the section for the Assembly you’ve loaded – in this case, System.Drawing and following the section (which is marked with the “.assembly System.Drawing” directive highlighted above, and the content begins with the opening brace (“{“) shown above, and ends with its matching brace later in the manifest, and shown below.

The highlighted part of the manifest is the public key for this assembly. This public key can also be seen using the sn.exe tool, as follows:

C:\> sn -Tp C:\Windows\Microsoft.NET\Framework\v2.0.50727\System.Drawing.dll echo Not strong named: %1
Microsoft (R) .NET Framework Strong Name Utility  Version 3.5.30729.1
Copyright (c) Microsoft Corporation.  All rights reserved.
Public key is 002400000480000094000000060200000024000052534131000400000100010007d1fa57c4aed9 f0a32e84aa0faefd0de9e8fd6aec8f87fb03766c834c99921eb23be79ad9d5dcc1dd9ad2361321 02900b723cf980957fc4e177108fc607774f29e8320e92ea05ece4e821c0a5efe8f1645c4c0c93 c1ab99285d622caa652c1dfad63d745d6f2de5f17e5eaf0fc4963d261c8a12436518206dc09334 4d5ad293
Public key token is b03f5f7f11d50a3a

Note that the Public key in the output from sn.exe matches the highlighted public key in the image immediately above it (of course you should ignore the spaces between pairs of digits in the screen shot).

If an assembly is not strongly named, the Public key will be missing from the manifest and will not be displayed by sn -Tp command.

Since IL DASM comes with both Visual Studio and with the .NET SDK, it is already on the desktop for most .NET Developers, and is therefore sometimes the handiest tool. The third option, .NET Reflector, is a third-party tool, though one adopted by many .NET Developers due to its awesomeness. Reflector conveniently shows more details about the strong name.

Approach #3: Viewing Strong Name Details with Reflector

You can load an assembly in the free version RedGate’s .NET Reflector and quickly see the strong name details – or lack thereof for non-strong named assemblies. In the image below, see at the bottom where the strong name string is highlighted. Note that the strong name has five parts (though the Culture is optional):

  1. Simple Name or Assembly name without the “.dll” extension (“System.Data” in case of assembly “System.Data.dll”)
  2. Assembly version (“2.0.0.0” in case of “System.Data.dll”)
  3. Culture (“neutral” in case of “System.Data.dll”, but might be “en-us” for US English, or one of many others)
  4. Public Key or PublicKeyToken (public part of the cryptographic public/private key pair used to strong name the assembly, “b77a5c561934e089” in case of “System.Data.dll”)
  5. Processor Architecture – Defines the assembly’s format, such as MSIL (intermediate language) or x86 (binary for Intel x86 processors)

Using Reflector to show strong name

In the next image, see at the bottom where the LACK OF complete name string is highlighted; this assembly does not have a strong name to display, so “Name” field includes a null value for PublicKeyToken. (Note that in the real world, Spring.Core.dll is in fact released as strongly named by the good folks on the Spring.NET project; the screen shot below was done on a non-production version of that DLL.)

Reflector shows missing strong name

While you are at it… make Reflector the default program for “launching” assemblies (actually would need to be for all files ending in the .DLL extension, but Reflector is smart enough to not choke on non-.NET assemblies).

Approach #4: (Bonus!) Viewing Strong Name with Windows Explorer

This post promised three ways to tell if a .NET Assembly has a strong name – but here is a bonus 4th way. Windows Explorer will not show you the strong name characteristics of an assembly, with one exception – for assemblies in the Global Assembly Cache (GAC), strong name data is included in the Properties dialog. If  you are examining the GAC, this can be handy.

Of course, if an assembly is in the GAC at all, it is strongly named by definition; assemblies are required by .NET to be strongly named to be allowed in the GAC.

Strong Naming for Silverlight

Silverlight also has support for strongly named assemblies, which is needed for the Cached Assembly Feature introduced in Silverlight 3.0.

(Silverlight 4 also introduces supports for digital signatures on XAP files, created by signtool.exe, which are validated by the Silverlight runtime for out-of-browser (OOB) applications running with elevated trust.)

Strongly Name Assembly != Digitally Signed Assembly

Strong Names and Digital Signatures are Orthogonal Concerns – Almost

Strongly Naming and Digitally Signing are largely orthogonal concerns. They have different purposes, different tools, and the digital certificates may come from different sources (for publicly distributed binaries, the certs for Digital Signing usually will come from a PKI source, though that is not essential for the Strong Naming certs).

The only dependency among them is that if the Assembly is to be Strongly Named, then the Strong Naming step has to happen before the Digital Signing step.

How do I check whether an assembly is Digitally Signed? You can run the following command to determine whether assembly “foo.dll” is digitally signed:

signtool verify /pa foo.dll

If you want to see the hash – for example, to compare with another assembly’s hash – then you can view it using the following command sequence:

signtool verify /v /pa /ph foo.dll | find "Hash"

Of course, you can use sn.exe and signtool.exe together (one after another) to examine an assembly to ascertain both whether it is strongly named and whether it has been digitally signed.

Strong Names are NOT for Security!

Finally, a word of caution… Strong names are about versioning, not about security. Strong names are more about avoiding DLL Hell (which is largely an accidental concern) than about avoiding hackers (which is deliberate). While a strong name may help alert you to tampering, realize that strong names can be hacked, and Microsoft emphasizes that  strong-named assemblies do not give the same level of trust as digitally signing:

Strong names provide a strong integrity check. Passing the .NET Framework security checks guarantees that the contents of the assembly have not been changed since it was built. Note, however, that strong names in and of themselves do not imply a level of trust like that provided, for example, by a digital signature and supporting certificate.

Consider digitally signing your .NET assemblies if it is important to you or your customers that the origin of the assemblies be traceable and verifiable. One source of digital certificates that can be used for Digitally Signing assemblies is Verisign which has Authenticode Certificates.

See also the response to this comment for more details.

Make Reflector the default action for opening .NET Assemblies in Windows Explorer

Many .NET developers know and love the .NET Reflector tool. If you are one of them, consider making Reflector the default action for when you double-click on (i.e., open) a .DLL file. Just like assigning Microsoft Word to open .DOC files, you can assign a program to open your .DLL files. It is easy… Here are the instructions for Windows 7 – for other versions of Windows the process is similar.

1. Download Reflector and install it; remember where it is installed

2. Using Windows Explorer, navigate to any DLL file on your computer

3. Right-click on the DLL and select “Open with…” from the popup menu

4. From the Caution dialog that appears, select “Open with…” (yes, you have to select it twice, once in step 3, again in step 4):

5. From the dialog that appears, choose the second option – “Select a program from a list of installed programs”:

6. Now you will simply need to choose  the “Browse…” button and navigate to wherever it is you installed Reflector.exe, click the “Open” button and you are done.

Now whenever you want to examine a DLL in Reflector, you can double-click on it from Windows Explorer. If you tool around in the command line like I sometimes will do, you can also launch the DLL in Reflector by just “running” it from the command line like you might do for a .txt document to open it in Notepad.

Realize that Reflector can’t do much with a DLL that is not actually a .NET Assembly, but will handle that case gracefully.

BostonAzure.org “Subscribe to Email List” Form gets UX make-over

There is a “subscribe” form on the Boston Azure web site from which people can ask to be added to  the group’s email list.

I just made some updates to improve the user experience (UX). Here are the changes I made, and I list the handy web resources I used to help me decide (where applicable).

For field labels, I place the label directly above the field it describes. I use <fieldset> and <label> to describe my markup, presumably making it friendly to screen readers. (Credit to templates provided with ASP.NET MVC for making this part easy.) This is the layout that Luke Wroblewski (author of Web Form Design: Filling in the Blanks) recommends in his Best Practices for Web Form Design for scenarios where you want to maximize speed, and the user is likely familiar with the data being requested.

Luke’s work is packed with clear, actionable, useful guidance that is easily applied and backed by user research. A gold mine…

Other recommendations I adopted from LukeW include:

  • Since I have two required fields and three optional ones, I removed the (Required) labels, and stuck with the (optional) ones only.
  • Added field length for optional Notes field.
  • Made the Primary Action of the form (the Subscribe button) green, just like Apple Store (got the idea from UIE mailing).

Also from LukeW, but from a different source (The Apple Store’s Checkout Form Redesign, which I learned of from a UIE mailing):

  • After the form is submitted, the user does not get an immediate email. I made that clear in the resulting text.

More improvements I can make in the future, also based on LukeW, include:

  • Validate the data entered. In my case, this is currently only that a well-formed email address is provided.
  • Provide more context on why data is being requested.
  • Disable the Submit (Subscribe) button after it is clicked to avoid double clicks.

Other changes, outside of LukeW’s guidance:

  • Mentioned “low volume” and “will not spam you” – though also need a privacy policy. Will get to that eventually..
  • Programmatically set focus to the first field in the form when the page is loaded. I used the jQuery technique described here.
  • Dropped “:” (colons) at end of labels while also changing labels text from leading caps style to mixed case (“Job title” instead of “Job Title:”). While not decisive for me, I found an interesting discussion around whether to use a colon in form labels.
  • Made sure users could press Enter at any time to submit – but this will only work if they are not in the single multi-line field on my form. Need to consider removing that field … Need to consult with Joan on that one. 🙂

Used semantic mark-up to implement the green Submit (Subscribe) button mentioned above:

Green button that is visually distinctive

Submit (Subscribe) Button

HTML:

<input type="submit" id="primaryaction" value="Subscribe" />

CSS:

#primaryaction
{
 padding: 5px;
 color: #FFFFFF;
 background-color: #267C18;
 font-weight: bolder;
}

Old form:

sign-up form BEFORE the make-over

New form:

The subscribe form AFTER IMPROVEMENT

The AFTER screen shot