in Search

Do you Twitter? Follow us @CodeBetter

Grant Killian's Blog

No, this has nothing to do with beer -- but maybe it should?

May 2004 - Posts

Dude, where's my XML?

As I looked over the TechEd session list, I was thinking “Where is the XML?” A few years ago, there would have been DOM, hierarchical XML data, XSLT, and other sessions speaking directly about XML; every timeslot would have had something to satiate the buzz-word crazed masses. Not this year . . . or so I thought. What really has happened is that XML is maturing beyond the buzzwords and being baked into applications and frameworks so that it's behind the scenes, driving the solution even though the user may not know it. The SharePoint talk I attended involved sending messages using xml as the message format. The BizTalk product (which I learned is Microsoft's largest pure c# application at 1.8 million lines of code) routes and receives based extensively on XML; the BizTalk Maps and Schemas are all building on XML. Web Service Enhancements version 2 relies on SOAP (a specific XML standard) for messaging. Even though XML doesn't figure prominently in the session titles and abstracts, XML is certainly present at TechEd in a profound way.

That being said, there was one particularly xml-focussed session given by Mark Fussell entitled XML Today and Tomorrow and it was very interesting. He ran down a few main XML features in the .Net Framework today and compared them with what's coming tomorrow in Visual Studio 2005 (aka Whidbey). Mark asked the room: “who is using XPath today?” and the show of hands was only around 10%; apparently, my blog post on XPath back in 2003 hasn't taken the world by storm (or the other XPath proponents out there). Mark affirmed that XPathDocuments have a better DOM API than XMLDocument and are considerably quicker than XMLDocument -- use XPath unless you have a good reason not to. XMLDocument loads the whole xml file into memory and is generally more sophisticated than XMLDocument. This isn't new information. What's new is that XPath will get 20%-40% faster in the next version of the framework because they've rewritten the xslt processor from the ground up. Furthermore, we're getting an XPathEditableNavigator in the next version (v2 hereafter) that lets us modify the xml in memory. XMLDocument isn't going away, but XPath is where Microsoft has invested it's energy.

Are you sitting down for this next part?

XSLT will be compiled in v2; they'll generate MSIL from the XSLT! This also means a PDB file (a debugging file) can be generated from the code which means . . . you can step through the XSLT file as it processes a document with full VS.Net debugger support (Locals window, etc.). When you process a transformation, you can step into the xslt seamlessly; it's fully integrated into the VS.Net debugger. Mark demonstrated this and I saw it with my own eyes. Where was this during my hellish months with the “Microsoft B2C Reference Architecture based on XML and XSLT for Commerce Server” project so many years ago? I can't find anything official about that Reference Architecture because, I think, the reference has been set to null and marked for garbage collection! It wasn't a bad architecture, just very XSLT intensive at a time when there were no XSLT resources around. Debugging XSLT would have saved the day (and possibly the project).

Generally, XML v2 will be faster. XSLT gets 400% faster because it's compiled; XMLTextWriter and XMLTextReader get 100% faster. Performance has been a knock on XML solutions in the past, so this perf gain is great news. “I love perf!“ exclaimed Mark Fussell at one point in his talk.

Until version 2 becomes available in Visual Studio 2005, get on the XPath train and start working with your XML faster and easier today; when tomorrow roles around, you'll have an easier time taking advantage of the new stuff.

Happy .Netting!

Posted May 26 2004, 01:31 PM by grant.killian with 3 comment(s)

TechEd 2004 Day 2 (Tuesday)

Many great things today . . . too much for one blog post . . . San Diego sunny . . . must stay strong . . . TechEd is a marathon and NOT a sprint.

Posted May 25 2004, 07:33 PM by grant.killian with no comments

TechEd 2004 Day 1

This post is dedicated to Mark DiGiovanni who, although couldn't make it to San Diego this week, I know is with me in spirit while I'm at TechEd. You're my boy, blue!

This morning was Steve Balmer's keynote and just walking into the room was impressive. Thousands of developers in a room listening to Stevie B's sermon on the business of innovation. “Only Pfizer spends more on R&D than Microsoft.“ Steve Balmer reminded me of Jesse Ventura with his confident public speaking style . . . very impressive. The keynote demos by two Microsoft marketing folks were very fast and very rehearsed. They announced WSE 2 is officially available and the Office IBF (Information Bridge Framework) is available as a technical preview; IBF turns Office into a smart client for WSE2 . . . and WSE2 is a good precursor to Indigo, so this is good news for those of us doing web services work. We were also shown a preview of VS Team System that integrates code coverage, unit testing, security and deployment analysis, and even work items and work flow ALL INTO VISUAL STUDIO. It looked very slick! Estimated timeframe is in line with Whidbey, so next year.

After the keynote, I attended the Don Box and Doug Purdy show. They were spreading the gospel according to Service Orientation and it was great: informative and entertaining. This talk had too much good stuff to summarize it hear; nothing ground breaking, but a great summary of where we stand and where we're going with SOA. ASMX is the recommended approach, with Enterprise Services and Remoting stepping in to fill particular needs. Key take away: Web Service Extentions (WSE) gives developers Indigo-like stuff until Indigo is ready for primetime (years from now). I see WSE 2 in many of our futures!

Next, I caught a quick session on Office 2003 and VS.Net. Nothing new, but nice to affirm I've been going in the right direction. For those of you who haven't experimented with it, c# for VS Tools for Office sucks because there are no optional parameters in c# and you end up creating a lot of extra code in c# versus VB.Net. Score one for the VB.Net folks! For example, to save a Word Doc in C# takes like 20 lines of code compared to 1 in VB.Net. That's right. That's why most of the demo code is in VB.Net and, for Office stuff I do, I'm going to lean toward VB.Net as it seems the best tool for the job of extending Office.

I attended a SQL Server Reporting Services presentation that lacked personality and was dry. Reporting Services is still a nice product and recommend you all go out and burn your Crystal Report licenses . . . mine is in the “to be burned” pile.

I took a quick tour through the vendor area (there are hundreds of booths) and got sick of it. I don't really want a bunch of glossy brochures and 30 days of this thing or that . . . I know there are great products in the mix, but it's not a forum that appeals to me. Too much like a car dealership. I did grab some free stuff for Darrell and the gang back home, though, don't worry! I'm keeping the Tequila, though.

In a fit of crunchy granola fanaticism I elected to go outside the conference hall and you know what? San Diego is gorgeous. 65 degrees and sunny, with just enough breeze to let the ocean caress your nasally parts. Very nice. I took a stroll along the water and enjoyed it all. I might have to skip a few hours of the conference and get into a sea kayak or something . . . who knows when I'll get back to San Diego? For all of you planning big conferences, San Diego is terrific because the airport is within walking distance of the downtown and it's all along a beautiful bay. Cute downtown with plenty of shops and eateries.

Meanwhile . . . back at the conference, I attended my final session for the day. Eric Gunnerson, the C# compiler Program Manager, did a terrific talk on C# best practices. Not much new material, but hearing it from “the horses mouth” was worth it; Eric's dry sense of humour made this talk memorable -- anyone who writes the session agenda in c# on his first powerpoint slide is alright by me! Eric discussed the GC, exception handling, string concatenation, threading, and more. The C# team page at http://msdn.microsoft.com/vcsharp/ is a great reference for us to keep in mind!

Best free beer of the day: I haven't had one yet, but I expect it to be on INETA at the Westin. There's a standing 7 PM bar tab for the INETA crew.
Number of free garments today: 2 (both from Microsoft). I couldn't stand it any longer in the vendor hall, or else I could've scored many. Perhaps, for Darrell Norton, I'll try again tomorrow.
Best giveaway of the day: Again, I shunned the vendor exhibits or I could've done really well. <cheesy>I'll have to settle for the brilliant view San Diego gave me on my 30 minutes outside</cheesy>.
Grant's impression of TechEd as of Day 1: it's enormous and some of the good sessions are too crowded to fit into.

Happy .Netting!

Posted May 24 2004, 06:57 PM by grant.killian with 1 comment(s)

TechEd Day 0 Errata

A few details from yesterday I meant to include but forgot.

I said TechEd attendance is 11,000 . . . this is still true, but 3,000 of them are Microsoft staff. “Only“ 8,000 actual attendees.

One of the Indiana whiz kids from the coding slave meet up is Erik Porter at http://weblogs.asp.net/eporter.

MSDN Search, while broken, has some cool features planned including personalization; think about Search storing your zip code in your profile and sharing links to a local user group on the topic you search for. This could be an interesting development.

I have to change my “best free giveaway of the day” to the 750 ml of tequila from MSDN. Seriously. When I blogged last night I neglected to check the MSDN bag from the INETA summit. Hilarious. I'm assuming everyone got the tequila and not just me . . . or maybe that's part of the new MSDN Search personalization initiative . . .

Happy .Netting!

Posted May 24 2004, 06:17 PM by grant.killian with 2 comment(s)

TechEd 2004 Day 0

This post is dedicated to Darrell Norton who, although couldn't make it to San Diego this week, I know is with me in spirit while I'm at TechEd.

I came in yesterday (Saturday), a day early, so I'd be able to make the INETA User Group Summit on Sunday. After waking up at 6 AM and going for a jog (I'm on East Coast time so that's really only like 9 AM), I elected to walk to the INETA conference at the Westin instead of take a shuttle. It seemed like a great idea since San Diego has such nice weather, but since I was cheap on my choice of hotels (I'm paying for the hotel out of my pocket) I ended up staying at the one on the other side of the airport from downtown San Diego. It's like a 5+ mile walk. Great for my metabolism, but terrible for me making the INETA Summit on time. 90 minutes after leaving my hotel I arrived at the Summit -- too late for the free breakfast, but the Summit had yet to begin so I was in the clear.

Let's see . . . the Summit was very informative and I see now how INETA gets things done: a few very committed volunteers work their tails off and make the magic happen. That's it! I have a new appreciation for the level of effort involved and I drank the INETA kool-aid (it was free beer, actually) and offered to contribute to the cause, details to follow later. I ran into Julie Lerman (and I didn't call her “J-Ler”, although I was tempted to) and I happened to be sitting next to the regional INETA liaison for my user group WeProgram.net -- Scott Locke -- so it was good to finally meet these people after all this time. I also seemed to always go to the bathroom at the same time as Tim, the Maine Bytes user group guy. He's convinced me being a developer in Maine isn't such a bad idea. I also got to meet some of the California user group folks and the Microsoft Developer Champions -- it's just cool to learn what else is going on with user groups in the country from all these different perspectives. For example, California has 25+ .Net user groups and some can't find a place big enough to meet! If your group has 200+ attendees at each meeting, you need a big facility to support that load. One tactic San Diego's .Net group has taken is to have annual membership at $50/head . . . they've gotten 100 people to sign up so now they've got a $5,000 annual budget.

As for more on the content of the Summit, I learned a few good tips for dealing with vendors and the community and how to handle meetings. It sounds like we need to get Infragistics to one of the WeProgram.Net meetings sometime -- they're user group presentations are NOT sales pitches and really informative. Same goes for Altova, which is great because Altova is coming to WeProgram.Net in a few months! One other thing about dealing with vendors: look to build a long term relationship instead of just a one-night stand. Wintellect's Sara Faatz did a nice piece about this vendor relations topic.

The folks from MSDN came in and did an informal presentation. They confided that MSDN Search is broken -- and they know it -- and they're working on having a sophisticated search out in 6-9 months from now. Until then, www.Google.com is the easiest and fastest out there! One comment from the INETA peanut gallery: “Why doesn't Microsoft just buy Google?” The MSDN speaker chuckled and moved on to the next point.

There were other good points and blog-worthy issues, but I don't feel like digging them out at the moment; I've got to save something for a slow blog day! Suffice it to say that the INETA Summit was a great experience and I'm grateful for the chance to be a part. Maybe we'll get Darrell Norton or Mark DiGiovanni, other fellow WeProgram.Net founders, out to the next one!

Tonight was the highly anticipated (by me) Coding Slave meet-up organized by Rory Blyth. There were about a dozen of us that got together to socialize and discuss Coding Slavish things . . . but I don't know that there was much Coding Slavery in the evening. Many of the guys hadn't read the book yet, but author Bob Reselman brought some freebies out for everyone. While I didn't get to talk much with Bob, it was still a really fun time. Rory Blyth is a very entertaining character. I got to ask Carl Franklin, of .Net Rocks fame, about how he couldn't know what Tightie Whities were . . . turns out he just never heard of 'em. Go figure. Also met a couple boy-wonders from Indiana who run an INETA user group there; one of them is like 25 years old and an Microsoft MVP and an author and general whiz kid. Ian White shared his Cobol, .Net, and WS-I stories with me; I'm subscribed to his weblog effective immediately; he's part of some very interesting things.

There were may others there, even one token Canadian from Calgary, but I don't recall their names or any specifics; I should've taken notes! I know most of them blog, so I'm hoping to catch up with them and get a business card -- they all seem like likeable, interesting guys.

Whew . . . TechEd hasn't even officially started and I'm already feeling a bit beat. Let me conclude with a few quick facts:

Best free beer of the day: at the INETA sponsored cocktail hour after the Summit; I sat down with some of the ViaNetworks guys and talked adventure racing (www.HRAdventure.com anyone?) and search engine optimization. Got to remember to checkout www.Neboweb.com when I get a chance.
Number of free garments today: 5 (4 shirts and 1 canvas visor).
Best giveaway of the day: the free licenses to a ton of developer tools courtesy of INETA's hard work.
Grant's impression of TechEd Day 0: it's enormous. 11,000 developers. The convention center is a couple blocks long and the sessions will fill it all up tomorrow!

OK, off to bed. It's about midnight on the West Coast (which makes it . . . 3 AM on the East Coast) and I've got a call with a customer at 7:15 tomorrow morning. Seriously. At least this call isn't about MS Access . . .

Happy .Netting!

Posted May 23 2004, 11:22 PM by grant.killian with 8 comment(s)

R-Squared et al in C# (Math Class anyone?)

Ever try to program an R-Squared, Y-Intercept, and Slope calculator via a Linear Regression -- the good old sum of squares and codeviates from math class so many years ago? It sounds like an academic exercise, but this was an actual task I had to tackle for a custom reporting engine we wrote a while back. I had a rough time finding the nuts and bolts of the algorithm -- many online resources point you through Excel functions or a graphing calculator, but that wouldn't cut it for our app. In case there's another poor soul out there looking, let me post the foundation:

First, we create a ReportPoint object:

public class ReportPoint
{
  private double _dblX ;
  private double _dblY ;

  public double X_Coord
  {
   get{ return _dblX ; }
   set{ _dblX = value ; }
  }
  public double Y_Coord
  {
   get{ return _dblY ; }
   set{ _dblY = value ; }
  }

  public ReportPoint( double X_Coordinate, double Y_Coordinate )
  {
   _dblX = X_Coordinate ;
   _dblY = Y_Coordinate ;
  }
}

Nothing extraordinary there. Here is the good part, assuming you pass in an ArrayList of our ReportPoints above:

public static void calcValues( ArrayList alPoints )
  {
   double sumOfX = 0 ;
   double sumOfY =0 ;
   double sumOfXSq = 0 ;
   double sumOfYSq = 0 ;
   double ssX = 0 ;
   double ssY = 0 ;
   double sumCodeviates = 0 ;
   double sCo = 0 ;

   for( int ctr = 0; ctr < alPoints.Count; ctr++ )
   {
    ReportPoint objPoint = ( ReportPoint ) alPoints[ ctr ] ;
    double x = double.Parse( objPoint.X_Coord.ToString() ) ;
    double y = double.Parse( objPoint.Y_Coord.ToString() ) ;
    sumCodeviates+= ( x*y ) ;
    sumOfX += x ;
    sumOfY += y ;
    sumOfXSq = sumOfXSq + ( x*x ) ;
    sumOfYSq = sumOfYSq + ( y*y ) ;
   }
   sumOfXSq = Math.Round( sumOfXSq, 2 ) ;
   sumOfYSq = Math.Round( sumOfYSq, 2 ) ;
   ssX = sumOfXSq - ( ( sumOfX*sumOfX ) / alPoints.Count ) ;
   ssY = sumOfYSq - ( ( sumOfY*sumOfY ) / alPoints.Count ) ;
   double RNumerator = ( alPoints.Count * sumCodeviates ) - (sumOfX * sumOfY ) ;
   double RDenom = ( alPoints.Count*sumOfXSq - ( Math.Pow( sumOfX, 2 ) ) )
    * ( alPoints.Count*sumOfYSq - ( Math.Pow( sumOfY, 2 ) ) ) ;
   sCo = sumCodeviates - ( ( sumOfX*sumOfY ) / alPoints.Count ) ;
   double dblSlope = sCo / ssX ;
   double meanX = sumOfX / alPoints.Count ;
   double meanY = sumOfY /alPoints.Count ;
   double dblYintercept = meanY - ( dblSlope * meanX ) ;
   double dblR = RNumerator / Math.Sqrt( RDenom ) ;
   double dblSlope = dblSlope ;
   Console.WriteLine( "R-Squared: {0}", Math.Pow( dblR, 2 ) ) ;
   Console.WriteLine( "Y-Intercept: {0}", dblYIntercept ) ;
   Console.WriteLine( "Slope: {0}", dblSlope ) ;
   Console.ReadLine() ;
  }

Yes, yes, yes, I know a typed collection instead of an ArrayList would be better; I moved this code into a Console program to make an easy to follow demo of the logic and wanted to keep non-essentials to a minimum. Let's say I'm saving myself for Generics! So, in our main method we'd have:

[STAThread]
  static void Main(string[] args)
  {
   ArrayList al = new ArrayList() ;
   al.Add( new ReportPoint( 3, 2.6 ) ) ;
   al.Add( new ReportPoint( 5.6, 20 ) ) ;
   al.Add( new ReportPoint( 8.2, 30 ) ) ;
   al.Add( new ReportPoint( 8.4, 50.7 ) ) ;
   al.Add( new ReportPoint( 9, 51.4 ) ) ;
   al.Add( new ReportPoint( 10, 37.9 ) ) ;
   calcValues( al ) ;
  }

There you have it. You really need to watch your order of operations.

Happy .Netting!

Posted May 21 2004, 08:36 AM by grant.killian with 4 comment(s)

Dude, I hate MS Access . . . TechEd take me away

Do I even have to spell this out for anyone?

I worked with a team that did so many access-to-web projects that we had a canned “Why Access Sucks for More than your Desktop” document ready to send as part of our first response. I forget the specifics, it's been so long (thank God!), but we had a clever acronym like the “5 Ds: Data Integrity, Distributed Accessibility . . .” I wish I had a copy of that just in case . . . it was well written and had tons of cited sources.

I'm not even going to discuss the details of my current frustration; suffice it to say that it's after midnight and I'm not doing anything close to .Net -- my general rule is that only cool .Net stuff occupies my attention after 12 midnight, but an emergency came up for a customer and so here I am. I'm just taking a break before I wrestle with Access anew. This is just one of those things that working for a small company entails . . . there's the Access customer from time to time (although we've grown them into SQL Server and a split DB architecture -- steps in a positive direction!). The Ldb files, data compaction and corruption, access specific security, replication, the list goes on and on. I can't leave out On error resume next.

Like Bob Reselman's Coding Slave asks: do you spend more time with code you hate than with the people you love? Tonight I sure do. It's funny to consider I'll be enjoying TechEd stuff in a few days, but I've got these MS Access hurdles to overcome before I can get there. TechEd is my light at the end of the tunnel. I don't recall seeing any Access database classes on the TechEd agenda . . .

Happy .Netting (and not Accessing)!

Posted May 20 2004, 09:18 PM by grant.killian with 6 comment(s)

TechEdSchedule objSched = new TechEdSchedule() as CheescakeFactory.Menu ;

It's starting to sink in that I'm going to Tech-Ed. I leave soon and I started looking closely at the conference sessions -- I'm going to have some tough choices to make regarding tracks and sessions. To begin, I'm committed to a full Sunday of INETA with an evening Coding Slave Session tossed in for good measure -- if nothing else, I may be able to buy Bob Reselman a beer.

As for the regular conference, it's looking like a frenzy of Sharepoint, Biztalk, SOA, CLR, and WS-E. Some of the Wintellect guys are presenting, and I'd like to catch their new stuff since they were outstanding at Devscovery; no, Darrell, my nerd crush will not be there. A chance to hear Don Box and Anders Hejlsberg shouldn't be passed up, either. Oh man!

It's like ordering dinner from the Cheescake Factory, every entry sounds great and is probably more than enough!

Happy .Netting!

Posted May 20 2004, 12:39 PM by grant.killian with no comments

Daemon-Tools for ISO images

If you're like me and often installing software to your computer, it can be a pain to burn ISO files (like the one you get from MSDN Subscriber downloads). Daemon-Tools to the rescue. It lets you create virtual drives and mount ISO files directly (no burning or Roxio-hell required!).

Here's how it helped me:

I downloaded an enormous ISO file from MSDN, fired up Virtual Daemon Manager to mount the ISO file without having to create a CD first. The Virtual CD-Rom drive read the ISO file fine and launched the installation. I thought I was in the clear until, in the process of the installation, the setup package prompted for me to swap out my CD and put another CD in the drive (apparently there were some file from a related MSFT product required for this install). My initial reaction was . . . crap . . . but the Daemon-Tool manager lets me mount up to 4 virtual drives at once, so I just mounted another drive to the other ISO file and I was in the clear. For those of you with functional CD burners (and functional burning software), this will still save you some hassle!

Thanks to lil' Tim from Optimize for sharing this with me! I'm sure there's other interesting facets to Dameon-Tools, so check it out.

Happy .Netting!

Posted May 20 2004, 10:40 AM by grant.killian with 13 comment(s)

New Corporate Site

The company I work for finally got rid of the Flash monstrosity that used to be our website . . . now we've got a clean HTML site with content management for the marketing and sales folks. www.OptimizeIT.net Still a lot of work to do and we've got Staffing and Training sections to add (we also need to copy all of our sales propaganda over and I've got a few white papers to move), but it's a vast improvement. It's also 100% .Net which makes me feel all nice and warm inside.

If you've got a morbid curiosity about the old Flash site, it still lingers at www.optimizeit.net/home.html. Flash is a great tool when used in moderation . . . but having an IT site 100% in Flash only makes the company attractive to the video game addicts or design phreaks and not key decision makers in a business (who would contract our services!).

That being said, I still really like the Theory7 site (at www.theory7.com).

Posted May 20 2004, 10:11 AM by grant.killian with no comments

Dataset/Custom Entity Discussion and My 2 Cents

I'm catching my breath from a busy week or two (the details are not computer related, so I'll spare you them except for this little hint: www.HRAdventure.com). In reviewing some blog posts, I found this one from Barry Gervin that is a really interesting discussion of DataSets vs Custom Entities: http://objectsharp.com/Blogs/barry/archive/2004/02/10/273.aspx

For the record, I come down on the side of custom entities (using code gen to produce a skeleton object with getters and setters and some attributes to wire up the database code to our persistence agent). I just derive from this base object and of I go!

Speaking of code gen, check out this .Net Rocks episode featuring Kathleen Dollard for a good overview of the topic; her book sounds intriguing too. I still don't know about that .Net Rocks host Carl Franklin . . . it's in this episode or another recent one where he doesn't know what Tightie Whities are. He redeems himself, however, by enjoying a Sam Adams while on the show . . . always a good decision. Still, don't drink and derive!

Happy .Netting!

Posted May 19 2004, 09:13 AM by grant.killian with 2 comment(s)

WeProgram.Net arrives in Richmond

With the first meeting tomorrow at 6:30 PM at CapTech Venture's Richmond office (1118 West Main ST
Richmond, VA 23220), WeProgram.Net begins a new chapter (check out Darrell's post for topic details, a map, etc.). We've been successfully meeting in the Hampton Roads area for a year now (happy birthday WeProgram.Net!), and since some of our group comes from Richmond, we figured it would be good to have sessions up there, too.

To my knowledge, there is another .Net user group in Richmond (at www.RichmondDotNet.com) -- there are certainly enough evenings in a month for us to complement one another instead of compete. It's a true sign of the region's .Net-ification that multiple groups pop up! Maybe we can organize a friendly user group Cricket Match (WeProgram.Net Hampton Roads is having a BBQ and Cricket Match June 12th, contact me for details)?! For that matter, in Hampton Roads, there's the www.HRRSUG.org (who are having an INETA sponsored author next Thursday, May 20th!). At this rate, we could hold a regional user group summit (and have a little Cricket Tournament!). You heard it here first!

I know this WeProgram.Net hands-on Test Driven Development workshop will be very popular -- it's a great way to kick off <cheesyMusic>WeProgram.Net: the Richmond Years</cheesyMusic>. This presentation crushed at OOPsla. I was happy to update Steve Metsker's bio from “author of forthcoming book on C# Design Patterns“ to “author of C# Design Patterns books“ -- it's no longer forthcoming: it's available now; I've got a hard-backed copy watching me from my coffee table as I type this. It wants me to read it.

Anyway, I hope to see you tomorrow night at 6:30 at CapTech! We've got books and other giveaways (I heard a little rumour there's even baseball tickets?); it should be a good time!

Happy .Netting!

Posted May 12 2004, 06:39 AM by grant.killian with 4 comment(s)

Hashing & Encryption Because Our Curriculum Ignores It

We're covering some security topics in the ITPro class tonight; since we only have a few hours for the session, certain things have been left out of the curriculum -- it's impossible to give everything it's due. While I'm on the topic, I didn't choose the curriculum! None-the-less, cryptography is one topic that many students ask about, so perhaps I can address the questions before they're asked . . .

First, Hashing and Encrypting are different. A hash is a one-way distillation of the content that can be used for equality checks; it's likened to a fingerprint. Fingerprints can be used to identify content (and compare one fingerprint to another), but you cannot reconstitute the entire content based on the fingerprint. Hashing is a one-way trip. See the .Net docs on FormsAuthentication.HashPasswordForStoringInConfigFile for a very easy example.

Encrypting can be a round-trip, provided you've got the same security key etc. Folks are usually just interested in the code, and basic/easy examples of encrypting/decrypting are harder to come by, so I'll stop beating around the bush and deliver the code for a quick Console application:

string strVar = getEncryptedText( "Colorado Avalanche", "test1234", "12345678" ) ;
Console.WriteLine( strVar ) ;
Console.ReadLine() ;
Console.WriteLine( getDecryptedText( strVar, "test1234", "12345678" ) ) ;
Console.ReadLine() ;

The above doesn't tell you anything besides demonstrating a sample usage of the following getEncryptedText and getDecryptedText:

private static string getEncryptedText( string strPlainText, string strKey, string strIV )
{
byte[] arrBytes = Encoding.Default.GetBytes( strPlainText ) ;
MemoryStream mem = new MemoryStream() ;
SymmetricAlgorithm symAlg = SymmetricAlgorithm.Create( "RC2" ) ;
symAlg.Key = Encoding.Default.GetBytes( strKey ) ;
symAlg.IV = Encoding.Default.GetBytes( strIV ) ;
ICryptoTransform icrypto = symAlg.CreateEncryptor() ;
CryptoStream cryptStream = new CryptoStream( mem, icrypto, CryptoStreamMode.Write ) ;
cryptStream.Write( arrBytes, 0, arrBytes.Length ) ;
cryptStream.Close() ;
byte[] arrBytes= mem.ToArray() ;
return Encoding.Default.GetString( arrBytes ) ;
}

private static string getDecryptedText( string strCryptoText, string strKey, string strIV )
{
byte[] arrBytes = Encoding.Default.GetBytes( strCryptoText ) ;
MemoryStream mem = new MemoryStream() ;
SymmetricAlgorithm symAlg = SymmetricAlgorithm.Create( "RC2" ) ;
symAlg.Key = Encoding.Default.GetBytes( strKey ) ;
symAlg.IV = Encoding.Default.GetBytes( strIV ) ;
ICryptoTransform icrypto = symAlg.CreateDecryptor() ;
CryptoStream strm = new CryptoStream( mem, icrypto, CryptoStreamMode.Write ) ;
strm.Write( arrBytes, 0, arrBytes.Length ) ;
strm.Close() ;
return Encoding.Default.GetString( mem.ToArray() ) ;
}

These two functions accept a key and IV (Initialization Vector) to encrypt and decrypt the text . . . so you're burden now becomes how to secure the Key (as I understand it, IV is not necessary to keep secret). For details on keeping your keys safe, check out this section from Keith Brown's online book.

If you're looking for a good general source on .Net security, check out O'Reilly's Programming .Net Security. My code above draws on their summary treatment of CryptoStreams and the various .Net implementations of algorithms like RC2 and SHA1, etc.

Happy Secure .Netting!

Posted May 05 2004, 12:32 PM by grant.killian with 1 comment(s)

Exam Tax, Hell, and a UML Nerd Crush for Darrell?

Building on my recent certification post, let me offer a few other sources for certification commentary.

Is Certification a Tax We Developers Must Pay?

Martin “UML and XP Expert” Fowler discusses Agile Certification and comments that “certification has little correlation to competence.” Although I have the developer certs from Microsoft (and even one from Sun Microsystems!), I have to agree with Martin. Just because you have the certification, doesn't make you a strong software developer. In the current climate, employers and particularly recruiters look for buzzwords and acronyms to fill a job -- certifications are an easy benchmark for employers to rely on. I have a friend who got a position with a big IT company and they never did any form of technical interview, mostly because those who made the hiring decisions were in Human Resources and wouldn't know WSDL from WD-40. Having those certifications on the resume make you more attractive to employers, even if all you did was memorize a Transcender exam prep CD. I do the cert exams because it's an insurance policy that I won't get passed over by the less experienced developer who memorized some exam questions; it's like a Software Developer Cert Tax that I'm obliged to pay. Besides that, I do like the intellectual challenge of puzzling out the answers to the questions. Call me compulsively analytical (as my wife is prone to do sometimes).

It's unfortunate and I hope companies look beyond the Certs to see if there is real substance to the candidate. There are other ways to certify, last I knew Java's premium developer certification required submitting functioning applications and source code for review . . . I'm sure it's a pain to grade an exam like this, but just multiple choice questions (or multiple guess, for some people!) can't continue to cut it. As Martin Fowler points out in his post, however, certification has become an industry to itself and has a vested interest in maintaining the status quo.

Cert Exam Hell Narrowly Diverted

Joseph Cooney shares a bad planning for a cert exam experience story. It has a happy ending, though, and Joseph continues batting 1000 in cert exams. For what it's worth, the only cert exam I didn't pass was the old analyzing requirements for VB 6.0 -- I failed by 1 point. Something like 740 was needed to pass, and my score came up 739. This was five years ago, now, and I was still relatively new to the industry . . . but I'm proud to say I took the same exam two days later and passed it with room to spare.

Darrell Norton Has A Nerd Crush on UML

Let's not forget that Microsoft isn't the only Certifier out there. Darrell Norton took the UML Certification exam from IBM earlier this year and lived to tell about it. This is also a way for me to get Darrell back for outting me about my Nerd Crush on Johnnie “Flash“ Robbins. Let's see . . . where was I? I want to take this exam because 1) I think it'd be cool to validate my understanding of UML and 2) I think it's a key way to distinguish yourself in the eyes of customers/employers (see Is Certification a Tax We Developers Must Pay? above) -- UML isn't the sort of thing you cram for the night before (at least I hope not).

Happy .Netting!

Posted May 05 2004, 07:03 AM by grant.killian with 2 comment(s)

A Nugget of Certification Exam Wisdom

I took the Beta 70-340 exam this morning, like Mark and Darrel and some other WeProgram.Netters. I think I did fine on the test, but I'll have to live with the uncertainty until June or July (when the Beta results are made available). I wish I could've studied more for the exam, between Devscovery conference, teaching, and a full-time day job, I didn't have the time to dig into the subject like I would've liked. Oh well.

I will impart this nugget of general certification exam wisdom: find the testing center days before your test date. The pattern is like this:

Grant registers for cert exam online, based on zip code
Grant spends hour prior to exam frantically driving around searching for the testing center

Is it just me, or are many testing centers tucked away in corners of business parks and office centers that are difficult to find? I usually go to ESI (a WeProgram.Net sponsor, by the way), but they were closed for cert exams this week, so I did the zip code based search online (see point 1 above).

When I lived near Annapolis, MD, me and a buddy nearly missed our entire testing window because the test center was on the second floor of this obscure shopping center, with an entrance in the back alley. Seriously. I guess to keep their overhead low, they buy office space in these interesting places. My experience today wasn't all that bad, but I still showed up 20 minutes late because I didn't know the area and once I found the address I figured “there's no way a test center would be in that building” and drove past it.

This is why you should know where your testing location is before the day of your test. There's nothing worse than getting to your exam all stressed about traffic and worrying that you'll miss your test window.

Happy .Netting!