CodeBetter.Com

Darrell Norton's Blog [MVP]


July 2003 - Posts

  • Things will never turn out like you expect them to

    I was going through some of my old MBA class notes last night as I was not-as-frantically-as-I-should-be trying to pack (or pitch) for this weekend's move.  It is hard to believe, as much as I am into software development now, that when I was searching for a job during my stay at the College of William and Mary's Graduate School of Business that I wanted to work as a supply chain management consultant, build up some experience, make some real money, and retire young.  But it seems that in a robust economy, such as what we were experiencing in the spring of 2001, nobody wanted to hire any consultants.  It seems that businesses do not need help in deciding things to cut.  So I decided to continue with my previous experience in software development (my undergraduate degree was in Information Science / MIS).

    I guess you never know how things will work out.

  • New things on the horizon

    Today (Tues, July 29, 2003) I put in my resignation notice.  Thankfully my company allowed me to leave this Friday on good terms, so that I could start my new job Monday, Aug 4.  I am going to have to pack and move to another city (an hour+ away) this weekend, in addition to attending a rehearsal dinner Thurs night and a wedding Friday night (not mine!).  Should be fun!  Luckily, I have friends ready to pack me up and send me off, and others ready to greet me and help unpack.

    A whole new world of opportunity awaits.  I'm ready to get started!

  • The ultimate in home security

    The Subterranean Fortress - This tri-level house sits on top of a camouflaged 4-story deep Subterranean Fortress designed to handle virtually any disaster.

    The 3-ton blast door will certainly discourage solicitors.

  • Improve your strongly typed DataSets

    Jim Meeker thinks that strongly typed DataSets are cool.  Shawn Wildermuth has an article about Improving Typed DataSets on OnDotNet that shows you how to rename classes, properties, and relationship accessors, and define how to handle database nulls through annotations.  If you've ever hated the default method names or wanted to customize them to be more object-oriented, this is the article!  I usually only do this if I am working on a large app and the improved readability will help other developers.

  • Coding standards

    Roy Osherove posts about coding standards, referencing DotNetJunkies' own blogger Mark Brown, who posted about IDesign.net's C# Coding Standards.  When I was working on creating coding standards for my company, I also looked at Mike Kruger's C# coding standard, the Code Conventions for the Java Programming Language, and Scott Ambler's Coding Standards for Java.

    Roy makes some good points, like make sure all employees agree with the standards, consult with everyone (a way to build consensus and buy-in), and the comment that "no one will bother adhering to a 250 page document."  IDesign's coding standard is only 20 pages long, but even that is pushing it.  If developers have to keep referencing the document to follow the "finer points" of coding style, it will always be rejected.  Ideally, only those things which can be automatically detected (through something like FxCop) should be part of the coding standard.  FxCop allows a developer to check their conformance to "standards" continuously, and it even offers explanations on how to change "offending" code and why. You can also develop your own in-house rules. I would like to caution that "Merely saying 'make it so' doesn't make it so."

    As you develop a coding standard, remember that new employees will get the full hockey stick part of the learning curve, whereas you will be able to assimilate a few pieces at a time.  New employees take a long time to become productive employees and salaries are the biggest expense for any consulting/software development firm, so you want to make it as easy as possible for them to get up to speed.  You do not want to create additional artificial barriers that prevent employees from being productive.  The key is to balance the improved readability of code with the increased learning curve for new hires.  Some agile developers get along very well with a coding standard that consists of "The code must be readable and understandable at a glance."

    One thing that irks me about IDesign's coding standard is that they specify spaces instead of tabs (on the whole I think the IDesign standard is very good).  Visual Studio .NET can take whatever source code you give it (spaces, tabs, or spaces and tabs) and reformat it according to your preferences by simply highlighting a section and pressing Ctrl-K, Ctrl-F (or go to Edit - Advanced - Format Selection).  There are other options to Tabify, Untabify, and Delete horizontal white space.  Pretty much every IDE will be able to convert spaces and tabs (it is not that difficult a function), so why is this rule there?  It's a waste of space and a waste of time to read.

  • More about SQL Server Yukon

    ITWriting.com has an interview with Euan Garden about what's new in SQL Server Yukon.  This article has more details than many others I have seen. 

    Like I had suspected earlier, the XML capabilities in Yukon are really going to put the pure XML databases out of commission, with a native XML data type, full support for XQuery and various other XML standards, and field indexing that is "magnitudes faster" than the current performance of XML-based operations.

    Microsoft also plans to ship Objectspaces with Yukon.  Objectspaces is an object-relational persistence framework.  You set up the mapping of objects to tables, and from then on you just call the Objectspaces API.  This will likely put many object-oriented databases out of commission as well.  There never really was a need for OO databases; it was just some vendors cashing in on the OO trend.  The relational model is based on proven scientific theory, whereas OO databases were based on buzzword compliance.

  • Guaranteed bug-free software

    The very first guaranteed bug-free software program, NaDa.  Could be a revolution in the works here!  [courtesy of Hacknot]

  • Avoiding cross-site scripting attacks with a Secure Label

    Cross-site scripting (XSS) attacks are one of the easiest hacks to do, and usually pretty effective merely because developers do not guard against the threat.  It is a pain to have to write Server.HtmlEncode( string ) over and over again, or to go into the DataBindings for a label and customize the DataBinding expression to do this.  So instead we created a SecureLabel label.  It inherits from System.Web.UI.WebControls.Label and overrides Render, adding one line to HtmlEncode the label's text.  This way we kept all the designer support for a regular label.

    Take the code, put it in a library, and just include the dll in your next project.  You can even add it to your component toolbox in VS.NET, so the next time you need a secure label, you can just drag and drop it on the page.  Here's the code:

    using System.Web;
    using System.Web.UI.WebControls;

    namespace NorthropGrumman.APEB.StandardWebControls
    {
        /// <summary>
        /// HTML-encodes text to prevent malicious scripting.
        /// </summary>
        public class SecureLabel : System.Web.UI.WebControls.Label
        {
            public SecureLabel()
            { }

            protected override void Render(System.Web.UI.HtmlTextWriter writer)
            {
                // Encode the text just before output so any markup in it
                // is displayed as literal characters instead of being interpreted.
                this.Text = HttpContext.Current.Server.HtmlEncode(this.Text);
                base.Render(writer);
            }
        }
    }
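
    A variation on the control above, as an added example that is not the post's own code: the Render override in the post writes the encoded string back into Text, so a second render pass over the same instance would encode it again. This version (the names EncodedLabel and RenderDemo are hypothetical; it assumes the .NET Framework's System.Web) encodes in RenderContents as the text is written and leaves Text holding the raw value.

```csharp
using System.IO;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;

// Added example, not the blog's code. EncodedLabel and RenderDemo are hypothetical names.
public class EncodedLabel : Label
{
    // Encode while writing the contents; the Text property keeps the raw value.
    protected override void RenderContents(HtmlTextWriter writer)
    {
        if (HasControls())
        {
            // Child controls were added; let them render themselves.
            base.RenderContents(writer);
        }
        else
        {
            writer.Write(HttpUtility.HtmlEncode(Text));
        }
    }
}

public static class RenderDemo
{
    // Renders a control to a string, as a page would during its render phase.
    public static string RenderToString(Control control)
    {
        StringWriter buffer = new StringWriter();
        HtmlTextWriter writer = new HtmlTextWriter(buffer);
        control.RenderControl(writer);
        writer.Flush();
        return buffer.ToString();
    }

    public static void Main()
    {
        EncodedLabel label = new EncodedLabel();
        label.Text = "Tom & Jerry <b>bold</b>";   // constructed sample input
        string first = RenderToString(label);
        string second = RenderToString(label);
        // Both passes are compared, and Text is printed to show it still
        // holds the raw value because nothing was written back to it.
        System.Console.WriteLine(first == second);
        System.Console.WriteLine(label.Text);
    }
}
```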

  • Secure your network the proven way

    I just finished reading Chapter 15: Securing your Network, of the Improving Web Application Security: Threats and Countermeasures guide.  The amount of stuff that has to be configured and secured for even a small network is incredible.  Instead of abstracting away the complexity of the network and what it can do, advances in firewalls, routers, and switches have shifted the complexity to securing so many different devices.  That is why the Enterprise and Internet data center guides are so important.  They at least start you off with a base that meets say 80 percent of your needs (maybe only 50 percent, perhaps as high as 99 percent), and then you can modify, secure, and test only the changes from there.  These guides also come with lists of hardware configurations that are proven to work.  I've had times when something as simple as a "standard" network card and "standard" sound card did not want to play nice together; these lists alone are worth the price ($0, you can pay by cash, check, or credit card).  Also reading the data center guides gives you a reference point when discussing issues with your network guys, so spend a little time spelunking.

  • SQL Server articles and references

    MSDN is starting to publish 2 articles per month from SQL Server magazine.  There's no link, but the articles appear in the MSDN Just Published RSS feed.  I've had a subscription up until now (when my free year for getting my MCDBA ran out) and it is a good magazine if you are in SQL Server all day.  Not to knock it since I work with SQL Server a lot, but not enough to warrant spending the money on the magazine. 

    SQL Server Books Online (you'll often see it abbreviated BOL), updated for SP3, is one of the best references you can get and covers 95% of what you need to do.  Book-wise, Admin911: SQL Server 2000 is great for admin topics (I used it to study for exam 228) and to really get into the details there is the preeminent Inside Microsoft SQL Server 2000 by Kalen Delaney.

  • Enterprise Solution Patterns v1.1 released

    Two new chapters added to Microsoft's Enterprise Solution Patterns:

    • Chapter 6: Services Patterns
    • Chapter 7: Performance and Reliability Patterns

    The whole shebang, labeled v1.1, is also available for download.

  • Highlight by hovering and select by clicking anywhere in a DataGrid row

    Bipin Joshi has an article on Highlighted Hovering and Anywhere Selecting A DataGrid Row.  It's all DHTML, so no postbacks to worry about!  Includes VB.NET source code.

  • Testing implementation of interfaces with .NET

    Joe Walnes posted about Design by contract: testing implementations of interfaces.  Although the code shown is incomplete (there is no code that implements the CheeseMaker interface), it is understandable enough.  In .NET, thanks to NUnit and .NET attributes, the abstract CheeseMakerTest would not have to inherit from TestCase and you would not have to prefix each test with "test".  The class would just be decorated with the TestFixture attribute and the tests decorated with the Test attribute.

  • New VB Blogger and Performance Techniques for Converting Objects to structures

    Cameron Beccario, a new VB.NET blogger, has an interesting article on performance techniques for converting Object to structures.  The suggested option involves using DirectCast, which PaulV has also blogged about.

  • The future of the American Programmer

    Warning: most of this post will only be of interest to U.S. citizens.

    Everyone is wondering about how to keep their job.  Many professional developers wonder how they will stay relevant as tech jobs leave the US.  Dave Thomas suggests that developers need to be able to reposition themselves in the value chain.

    One way to reposition yourself, with relatively little change in skills, is to work for the U.S. defense industry.  There are plenty of jobs for developers with security clearances.  Many employers pay big bonuses for security clearances since they cost a lot and take so long to get.  To get a clearance or even to work in the industry at all you usually have to be a U.S. citizen, so there is no worry about jobs moving abroad.  If you want to be a developer, my suggestion, especially for all the new Computer Science graduates, is to work for a defense company and work hard to get a security clearance.  Even if it expires, it is so much quicker to reinstate than to get a new one that companies often prefer it over experience.
