-
Saturday, September 04, 2010
In the world of the web, we have lots of security concerns. One of the concerns lies with cross site scripting, XSS. From a high level, XSS is any occasion where data is sent from code on a page from one site to another site. The code is usually via JavaScript, though flash and Silverlight are included in the terminology and mitigations. One way around this that is generally viewed as safe is JSON with Padding, aka JSONP. The way JSONP works is this: you pass an HTTP GET request to retrieve a resource from another site which you do not control. The request contains two pieces of information: 1. The resource you want to retrieve. 2. The callback function that should be executed when the resource is returned. What makes this safe? The callback function is always something that you control. It is assumed that if your callback does ...
Full story
-
Thursday, September 02, 2010
Mark and Clark over at developersmackdown.com just published ‘my’ show: http://developersmackdown.com/archives/SingleShow/30. We spent time talking about REST and SOAP as well as a number of other topics related to REST. One of the things that I don’t think was made clear enough was that REST and SOAP are not competing service techniques. Each technology/interface type has an appropriate use case. When integrating applications within an enterprise, the development team needs to worry about: - Security - Transactions - Reliable delivery of messages - Integration with tooling for other developers In the enterprise case, WCF + SOAP/WS-* can make integration between systems pretty simple. Yes, the teams may struggle with getting the security setup just right between domains, but overall, things will go well, especially if the setup requires communicating between different WS-* implementations. Finally, enterprise integrations typically happen for applications running on the same network/VPN. The infrastructure for an ...
Full story
-
Saturday, August 28, 2010
Planning is in full swing for the Fall 2010 Day of .NET (DODN) conference in Grand Rapids on Saturday October 23rd, 2010 at Calvin College. The theme for this year is "Open to the Future". The theme combines two important trends in developing with .NET - "open" and the "future". On the "open" side there has been a lot of activity in opening up the platform, creating open source projects and libraries, enabling projects to work well in a mixed-IT environment, and opening up data to diverse applications. On the "future" side we see .NET 4.0 and Visual Studio 2010 which brings many new capabilities to the platform. What this means for potential speakers is that there is a huge range of topics for you to consider. While this event is a "Day of .NET", speakers are encouraged to submit talks that span the spectrum of technologies being used in ...
Full story
-
Thursday, August 19, 2010
The current economic condition is hitting everyone pretty hard, even developers. For developers, part of the challenge in finding that next job is having the right, up to date skills. To help folks get those skills, Arnie Rowland and a number of other MVPs got together to pool MSDN subscriptions. This year, every MVP gets 3 MSDN Universal Subscriptions- 1 to use and 2 to give to worthy recipients. To pick a worthy recipient, an unemployed or underemployed developer needs to propose a software project for a non-profit agency, school, or church to be assisted by Project Phoenix. Arnie and his associates will then pick at least one project week to ‘fund’ with the MSDN Universal Subscription. A number of other companies joined in to offer more resources to help the selected developers make the most of this opportunity. Publishers have donated books and software companies have donated tools. ...
Full story
-
Monday, August 16, 2010
Shortly after TechEd, my friends at Pluralsight put me in contact with DZone.com to create a WCF 4.0 RefCard. The requirement for the card was to boil down the essential things one needs to have available in order to program against WCF 4.0 into 6 pages of content. WCF is huge, so the challenge was to only include the really important stuff. Please take a look at the card. I’d love to hear your feedback.
Full story
-
Wednesday, July 14, 2010
As developers, we need our knowledge of our platform to have depth as well as breadth. Typically, we gain depth through projects we take on. For example, we might learn MVC by converting a WebForms application to ASP.NET MVC2. Acquisition of depth is almost passive. Once we commit to the big project, we get the depth simply by finishing the job. To acquire breadth, we do other things. Any developer with significant breadth does most of the following: read blogs, read magazines, read books, attend conferences, and listen to podcasts. In the past few months, I found a hidden gem; I started listening to the Developer Smackdown. I’ll admit, I started listening because my area got a new Developer Evangelist, Clark Sell, and I just wanted to learn more about him. I’ve gone from stalking to the point where I look forward to the semi-weekly podcasts. During the ...
Full story
-
Friday, July 02, 2010
The Azure ServiceBus Access Control Service was updated on July 1, 2010 with a very nice surprise: it has policy files in place for Silverlight and Flash! A week ago, I had written some code that redirected authentication requests and so on so that my Silverlight code could authenticate against the ACS. Today, I saw a post that the service had been updated. So, I went ahead and tried it out: Silverlight: https://[your service].accesscontrol.windows.net/crossdomain.xml Flash: https://[your service].accesscontrol.windows.net/clientaccesspolicy.xml Note that both of these are policies that allow ANYONE to send messages to the ACS. crossdomain.xml has this in the body: <cross-domain-policy> <allow-access-from domain="*" secure="true" /> <allow-access-from domain="*" secure="false" /> <allow-http-request-headers-from domain="*" headers="*" secure="true" /> <allow-http-request-headers-from domain="*" headers="*" secure="false" /> </cross-domain-policy> I’d like to see options via the SDK or the admin UI that allow me to turn on global access or per website access. This is something ...
Full story
Azure
-
Tuesday, June 29, 2010
If you are LinkedIn with me, you’ll see that I listed a new position: Microsoft Regional Director – Chicago. This is NOT a paid position with Microsoft. I noticed that other RDs I have as connections do list the RD role as current with Microsoft as the current employer. LinkedIn doesn’t have a mechanism to show that I’m connected to Microsoft as a ‘unpaid opinionated person.’ I’m pretty excited about this opportunity. In 1995 (the year I graduated college), I looked out at the technology landscape and noticed that software developers can do well if they pick a technology stack and learn it as deeply as possible. At that time, it looked like I should either learn Sun Unix, some embedded toolkit, or Microsoft Windows. Microsoft had more desktops and I wasn’t an electrical engineer, so that’s the direction I picked. Since then, I’ve written books on the technology, ...
Full story
-
Sunday, June 27, 2010
I’ve spent the last few weeks working on some recordings for Pluralsight on Demand. I’ve been working on a course, .NET Distributed Systems Architecture. It was published this Friday. Please give it a listen and tell me what you think!
Full story
-
Thursday, June 24, 2010
Today I had to build a demo for Azure and I noticed that I was following a tired old path where one demonstrates Azure storage services (Table/Queue/Blob) via a hosted application. My demo has two key points: 1. Look, there’s a picture that I uploaded! 2. Look, these processes can send messages via the queue! The kicker was going to be that the messages are exchanged over the Internet, not the demo environment. I wanted a visible resource, an image of penguins, to be visible via a public URL. That was going to be the cool part.Then, I thought- “Well, the Azure SDK is just a bunch of libraries. The libraries should work fine in a console application, right?” Right! And guess what: the demo actually works pretty slick because I can demo the storage service in isolation. I don’t need to demo it with a deployed application. That helps ...
Full story
-
Wednesday, June 23, 2010
I’ll be doing a beginner's talk on WCF tomorrow night at the Chippewa Valley .NET Users’ Group. Details are here: http://cvnug.wi-ineta.org/DesktopDefault.aspx?tabid=73. I’m looking forward to meeting some new people!
Full story
-
Monday, June 21, 2010
One of the things that is great about integers and longs is that they are easy to remember. However, when using this as identifiers that a human should be able to type in, they leave a lot to be desired. A integer in the billion range requires a user to enter 10 digits correctly. That’s hard to read, hard to keep your place, etc. There is a solution to this issue: represent the data using a radix other than 10. For English speakers, a radix of 36 is easily readable and maximizes the density while allowing for case insensitivity (no one wants to remember if they should type z or Z!). Consider this, the value for int.MaxValue is written out as: 2147483647 As base 36, it is zik0zj 6 characters instead of 10. Nice! To do this, I wrote a simple function that converts a long (64 bits!) to any ...
Full story
-
Tuesday, June 15, 2010
This question came up on Twitter. I’m posting the solution here for posterity. How do you read a non-seekable Stream into a byte[]? Specifically, a HttpWebResponse? Like this: class Program{
static void Main(string[] args)
{
var request = WebRequest.Create("http://www.scottseely.com/blog.aspx");
var response = request.GetResponse() as HttpWebResponse;
var stream = response.GetResponseStream();
var buffer = new byte[int.Parse(response.Headers["Content-Length"])];
var bytesRead = 0;
var totalBytesRead = bytesRead;
while(totalBytesRead < buffer.Length)
{
bytesRead = stream.Read(buffer, bytesRead, buffer.Length - bytesRead);
totalBytesRead += bytesRead;
}
Console.WriteLine(Encoding.UTF8.GetString(buffer, 0, totalBytesRead));
}
}
Full story
-
Sunday, June 13, 2010
One of the interesting things that came out of WCF is the improvements in Infoset serialization. In particular, WCF introduced a format for binary serialization which reduces space concerns for objects. One of the keys to saving space is the notion of an XmlDictionary. The WCF serialization folks asked the questions: How much could we reduce the size of a message if we allowed the parties communicating to exchange metadata about the messages? What if we could reduce the size of messages by exchanging aliases for the XML Infoset node names? The result of this what if experiment is the XmlDictionary and XmlBinaryWriterSession. The mechanism is astonishingly simple. Assume that both ends have a mechanism for exchanging information about what to call the two parts of a QName: name namespace and the name of the node. Instead of sending namespace:element qualified items, send aliases. This works well in WCF messaging ...
Full story
-
Monday, May 17, 2010
I’ll be speaking at the Chicago Architects Group on May 18 over at the ITA (next to Union Station in Chicago- corner of Adams and Wacker). My topic is Azure for Architects. In this talk, I go over how to look at and use Azure from a software architecture point of view. Unlike most Azure talks, this one has no code in it—just concepts. This isn’t the type of talk I normally give, but given the crowd, architecture and slides will work better than whiz bang demos. The slides are here if you want them. I tend to use slides as guideposts when I present. Please don’t look at these slides as notes. 80% of the presentation is in what I say, not in what you can read. I’ll try to record the presentation as well and will put up the recording if the quality is good enough. There are ...
Full story
-
Friday, May 14, 2010
Over on the HighScalability blog, there is an interesting post on how Sify.com handles scaling the web site to 3900 requests per second on just 30 VMs (across 4 physical machines). In the Future section of the article, the notion of using Drools for cache invalidation really grabbed my attention. Drools is a rules engine that implements the Rete algorithm to resolve rules. The Rete algorithm emphasizes speed of evaluation over memory consumption. Rules engines that support forward chaining and inference will normally implement Rete in some form. BizTalk (and I would assume Windows Workflow Foundation) also use Rete. It was the notion of using a rules engine that really grabbed my attention. One of the problems with cache invalidation is that the easy stuff to cache is just that, easy. No thought is required to cache the front page of your web site. But, if your website is ...
Full story
-
Thursday, May 13, 2010
I gave a talk at Milwaukee Area Technical College where my friend, Chuck Andersen, teaches a software engineering class. I promised the students to put up some interview study resources. This is the set of things I do to prepare for more in depth interviews so that I clear the algorithm questions when folks do a technical screen. I really hate the idea of being passed over because I haven’t thought about some undergrad algorithms in a few years, so I get these things back into the more recent memory parts of my brain. My study resources are: Programming Pearls by Jon Bentley: 256 pages of good review material The Algorithm Design Manual by Steven Skiena: Amazon has the wrong page count on this one: 486 pages of great review material. Get the Kindle version—this appears to be out of print and valuable otherwise. I know I ...
Full story
-
Monday, May 10, 2010
My last day as someone’s employee was Friday, May 7. As of today, I have completely jumped into the world of the self-employed. My wife and I started a company named Friseton, LLC (yes, I married I developer!). What does Friseton, LLC (which is really just me and my wife) do? Well, I’m glad you asked. We consult on distributed application architecture and development. I personally have worked on architecture for small applications with only a few computers to systems with thousands of cooperating computers. I have worked on architecture in both traditional enterprise applications as well as for one of the five most popular web sites on the planet (circa 2008/9). We’ve also invested a lot of time into understanding and developing on Azure, Silverlight, and Windows Phone 7. As the firm grows beyond the first two founders, we expect to also invest time into release applications on Azure ...
Full story
-
Friday, May 07, 2010
Just the other day, Derik Whitaker ran into some issues setting up his ChannelFactory to handle large object graphs being returned to his clients (post is here). After some back and forth through email, we came up with a solution. Instead of use the default ChannelFactory<T>, we created a new class that inherits from ChannelFactory<T> and sets the DataContractSerializerBehavior to handle int.MaxValue objects in the graph. The trick is to override the ChannelFactory<T>.OnOpening method. This method is called as the ChannelFactory is opened and allows a derived class to alter the behavior at the last minute. All OperationDescriptions have a DataContractSerializerOperationBehavior attached to them. What we want to do is pull out that behavior and set the MaxItemsInObjectGraph property to int.MaxValue so that it allows all content to be serialized in. Derik’s use case was valid—he owned the client and server and wanted to incur any penalty associated with ...
Full story
-
Tuesday, May 04, 2010
People have lots of complaints around WCF. For the 3.x codebase, many don’t like the amount of configuration one has to write or code in order to get a service up and running. For example, let’s assume that we have a simple service contract, IEchoService. [ServiceContract(Namespace="http://www.friseton.com/Echo")]
interface IEchoService
{
[OperationContract]
string Echo(string value);
} The class is implemented by EchoService: class EchoService : IEchoService
{
public string Echo(string value)
{
return value;
}
} In .NET 3.x, we would then have to setup some endpoints, each endpoint specific to the protocol we wanted to understand. We had to remember things like “URLs that begin with net.tcp use the NetTcpBinding.” For intranet and local machine communication, this is a pain in the butt. In .NET 4.0, the common case of taking the defaults is much easier. If you plan on listening at the base URL(s) ...
Full story