Friday, 18 December 2009
Tuesday, 24 November 2009
Friday, 20 November 2009
This is where you select what to install. By default the Worker and Distributed Cache Service components are selected. The Worker component is for the Workflow and Windows Communications Frameworks parts of AppFabric. Assuming you're just interested in the caching side, unselect Worker and select the others.
Then we're into the caching configuration screen. If you installed one of the Velocity CTPs this will look fairly familiar.
Note that the connection string is using Integrated Security. And you can't change it. And you can't set the account that AppFabric runs under.
I liked the old installer where you entered your own connection string. It had a couple of quirks about what it considered to be a valid connection string, but that was OK because I'd learnt what they were. Now I feel like I've lost an element of control - I'd rather decide myself that I want Integrated Security, thank you.
And this is as far as I've got on my Velocity demo setup. Every time I finish the install, it installs the caching engine but fails to configure it. I suspect this is because although I have a network of virtual servers set up, I now need to add a domain and accounts so that the Integrated Security works.
To be continued...
Saturday, 31 October 2009
Tuesday, 13 October 2009
As your laptop boots, hit [Esc] to get into the BIOS setup. You should then get a prompt at the top of the screen that reads 'Check system and press F1' - hit F1 to get into the BIOS. On the first page of the BIOS on the right-hand side is a pane for virtualisation, with a setting for enabling it - it was disabled on mine, I suspect/assume that's how they leave the factory. Highlight the setting, hit [Space] to change it, then hit [End] to save your changes and restart the machine. Let it boot into Windows, fire up Virtual PC, and you should now find that hardware-assisted virtualisation is enabled.
Edit: In my excitement to post this, there was something I forgot to add. I'd saved my running virtual machines, however when I fired them up again after enabling hardware virtualisation they would not run correctly. I needed to clear the saved state and fire them up again from scratch. Not an issue particularly, just something to be aware of.
Thursday, 24 September 2009
They are moving to being an entirely online publication, which means I probably won't see anything more from them - not only do I get prompted to actually read it when the physical magazine turns up on my desk, but I think things sink in deeper when I read them from a tangible page than a virtual one. And I won't get either of those benefits from looking at their website, assuming I remember to hit it at all. I see their website, ironically, still has the link offering free subscriptions.
They also run the DevWeek (where I had my first real objects epiphany) and Software Architect conferences, although I always felt they never really made the most of these assets - they had high-quality people like John Robbins, Jeff Prosise and Don Box around and never got them to produce any articles.
Tuesday, 11 August 2009
I had my laptop rebuilt last Friday, so I've spent the last two days at InstallFest :-) (I would have done most of my installing over the weekend but due to a slight oversight IT forgot to make my account an Administrator so all I could was download installers).
I started installing SQL Server 2008 Developer last night at home, but hit a problem with it. I tried again and got the same error, the exact text of which I'm repeating here in case someone Googles for it:
"Wait on the Database Engine recovery handle failed"
I put it down to a flaky connection to our VPN (a reasonable guess since our VPN has been playing up for me for a few weeks, although I think me and IT solved this between us this afternoon), so I tried again this morning in the office. Same result.
I Googled the error and found KB960781 which has the exact error message, but applies to upgrading SQL to SQL 2008 where the sa account has been renamed. As I was doing a clean install, this wasn't likely to be my culprit.
However, my fourth install attempt succeeded! What changed? I'd been configuring the SQL services to run under the Network Service account, but for this install I changed the account to the local System account. I'm guessing I could now change this back to Network Service, but I'd rather not chance it. What was the underlying issue? Frankly, I've no idea - my working theory is that there are some permissions missing from my Network Service account.
Friday, 7 August 2009
I knew I was in trouble when I fired up my laptop and the Velocity Powershell console showed an error immediately. So I tried to fix it by uninstalling and reinstalling only to discover that if you have no network connection Velocity will not install. At all. It makes no difference whether you're using a network share on the local machine to store the cluster config, or trying to store it in a SQL database on the local machine - no network, no cache.
So I'd like to thank everyone for listening and offering suggestions as to how I might have got things working faster. I've put my slides up at http://philippursglove.com/velocity , but I'm doing a bit more work on the demos, I'll put them up later this week.
Wednesday, 1 July 2009
As soon as I finished it I felt like I should pick it up again and start from scratch - it's easy to see why people read it once a year. It's also easy to see why those who have read it suggest that everyone else should read it too - it's chock full (and I mean it's absolutely full at 862 pages plus bibliography and index) of tips, suggestions and methods to enable you to be a better developer.
I loved the checklist at the end of each section that you can apply to your development processes - these are also available (registration required) on the book's website though it's a slight disappointment that they aren't available as a Word or PDF download.
The message of the book is that creating high-quality software doesn't have to cost more and/or take longer than creating low-quality software, and it then lays out tools to help you do that.
What didn't I like? McConnell talks in several places about programming into a language rather than programming in a language, and if I'm honest I'm not qure I entirely got what he means with this. And I found it a bit dry in places, but then I'd expect a book on software engineering written by Matthew Reilly (whose books are faster paced than anything else I've ever read) to be at least a little dry.
And I can already report some success traceable directly to Code Complete; I've tried laying out some code in a class using pseudocode that then forms the comments in the body of the code. And it is definitely a useful technique as I found it did make me think about the structure of the code before writing the code itself. So something to take forward there...
What's next for me? I may read it again in a few months - I suspect it's going to go round all our team first as I have two takers lined up already. In the interim, I have Professional ASP.NET MVC to read. I guess I should also read Writing Secure Code as I haven't read that either!
Wednesday, 24 June 2009
I've updated the slides and code samples at http://www.philippursglove.com/ScalableASPNET - the Velocity demo is now updated to Velocity CTP3. I re-ran the Velocity demo yesterday morning and it worked perfectly. I suspect that it failed on Tuesday as my laptop couldn't contact a domain controller to verify my admin credentials :-(
Tuesday, 26 May 2009
How To Stop Your Website Being Stung
I was pleased to see this session from the ever-present Barry Dorrans as I'd wanted to see it at WebDD but went to Andy Westgarth's session instead. Barry took us through the OWASP Top Ten list of web application vulnerabilities, and demonstrated how to mitigate against them in code. This was a really good session for me as it's directly relevant to some security testing I've been involved with recently. Among the highlights were:
- Use the PrincipalPermission attribute to protect your code.
- When outputting user-entered content, HTMLEncode it - this protects you against persistent cross-site scripting that makes it past your input checking.
- Use the AntiXSS library's HTMLEncode method rather than the HttpServerUtility object's version as the AntiXSS library has more tests.
- Don't trust MIME types for uploaded files - I didn't know you could futz with this, although in retrospect I don't know why I'm surprised either.. And obviously never trust the uploaded file's extension (hangs head in shame).
- Use salts every time you do any form of encryption.
- Don't leak information. This could be through viewstate, or a YSOD.
- Pages have an OnError event, which you can use to call Server.Transfer to switch to your error screen, which doesn't indicate to the client that an error occurred.
WebForms vs MVC
I'd been looking forward to this meeting for a couple of weeks, and I wasn't disappointed. Billed as Clash of the Titans, this featured Phil Winstanley speaking for WebForms and Sebastian Lambla on the side of MVC. It was the first time I've seen Seb present, and he's, um, energetic :-) I thought Seb got sidetracked into more of a TDD demonstration halfway through rather than keeping on topic with MVC. It was interesting to see Phil do some ASP.NET testing with WaTiN - it's something I must look at. There's a DDD session waiting to happen for someone to do some comparisons between WaTiN, Selenium and the Lightweight Test Framework - ASP.NET Testing Smackdown anyone? Nice to see SessionPageStatePersister make an appearance too - everyone should use it!
As holder of the WebForms Thumb (you had to be there!) I'd love to report that Phil carried the day, however commentators agreed it was a draw, but it would be interesting (hint hint guys!) to see a 'rematch' once there is some guidance on what types of application suit either school of thought - this is definitely the weak spot with MVC right now.
Tuesday, 28 April 2009
We had some security testing done on our main web app a few months ago, as a result of which we did work around things like password expiry, complexity etc. We got retested last week and we've been asked to review three points, which I've been looking at today.
One of the points was that on our login page, our password textbox is auto-completable. So I edited the page today to add "autocomplete='off'", however as I started typing Intellisense kicked in and revealed to me the AutoCompleteType attribute. I'd never seen this before! There's a whole Enum of options you can use for autocompletion, or if you set AutoCompleteType="None" then input elements that share a common ID will share their values for autocompletion.
To output "autocomplete='off'" the ASP.NET markup is
However when I was checking the output in View Source, the autocomplete attribute wasn't being rendered at all, presumably because, duh, it opens a security hole. So how did our testers pick up on this? We suspect they'd used the 'Do you want
I dropped some project work onto our internal test site last week, where I've done some enhancements and also moved the project up to ASP.NET 3.5 and added a couple of UpdatePanels with some controls from the AjaxControlToolkit. I had an email today from our user who is doing some testing, who said that some of the buttons didn't seem to do anything eny more. I ran the project upon my laptop, checked it and found I was seeing the same behaviour. I dug into the code and reminded myself that the buttons that weren't working, worked by emitting some script using ClientScriptManager.RegisterStartupScript.
Knowing that the major change to the page was to add UpdatePanels, it didn't take much to deduce that a combination of UpdatePanels and partial page rendering had broken the RegisterStartupScript model. But how to solve it? My first thought was to change the ScriptManager's rendering mode to disable partial page rendering on the basis that if you re-render the entire page then a startup script might be correctly emitted, however on trying this I learned you can't change the rendering mode in any event that occurs after Page_Init. But I did spot that there are several other methods on ScriptManager, including one called RegisterStartupScript. I swapped out my calls from ClientScript.RegisterStartupScript to ScriptManager.RegisterStartupScript, ran it up, and success, my buttons were functional once more. And I should go on to learn the other methods of ScriptManager...
Sunday, 19 April 2009
ASP.NET 3.5 - Miss something? - Dan Maharry
This was a really interesting session covering a number of out-of-band releases from Microsoft that may have been a little overshadowed by the ASP.NET MVC release. For me, the high points that I need to go off and investigate further are:
Lightweight Test Framework
This is a framework which was initially used internally by Microsoft's QA teams for ASP.NET but has now been released on Codeplex. It is a single DLL which works cross-browser and supports integration testing for ASP.NET sites. It also supports AJAX callbacks.
AJAX HistoryState and Back-button Support
This is a feature that was added in ASP.NET 3.5 SP1. It provides a method enabling the Back button to be fully supported by AJAX postbacks so that the browser's History list includes entries showing different states. I'm afraid I threw Dan a little bit as I asked about how well supported this is across different browsers - my thoughts were that I could see this would work with IE but I wasn't really expecting it to work in Firefox (or, to be frank, any other browser). However Dan confirmed that it does work in Firefox, though he hadn't tested it in against the other browsers. Definitely one to look into.
This is a method by which a number of JScript references can be combined into a single file, meaning your site only has one file to download instead of opening up a number of connections to download seperate files. I was unsure about this from a scalability point of view as it involves referencing scripts inside the ScriptManager control (which normally prevents the browser caching scripts since the URL is different for each postback), however the combined file is also put into the output cache instead of being compiled on the fly.
This was Dan's first time presenting at a DDD but I thought he presented very well and I'd like to see more from him in the future.
What's Good in .NET 4.0 and VS2010 - Alex Mackey
This session covered a number of things from the next release of the CLR and Visual Studio 2010. The things that stood out for me from this session were:
The improved code editing experience, including highlighting of every instance of a method call whenever you enter one of them, and showing the hierarchy of calls down to the method you are currently editing.
Something called variance and contravariance - I'll be honest, I didn't understand this. At all.
Much better control around disabling Viewstate, including better support in the grid controls around working without Viewstate.
Static client IDs for controls.
The ability to compress Viewstate (though attendees to my session will have seen that this is possible in ASP.NET 2.0)
Environment-specific changes for web.config files e.g. web.config.debug, which looks like a mix of XSLT and the .dconfig configuration deltas from the Enterprise Library.
Better server-side control over META tags, for those developers interested in SEO-type activities.
Performance improvements - up to 10x better performance.
A new workflow type, the Flowchart, which is a hybrid between the existing Sequential and State Machine workflows.
It will be easier to include information in a workflow, hopefully remving the need for the ExternalDataExchange object.
Overall, Alex' recommendation was that if you're currently thinking of developing a workflow application, wait for this version. This was particularly relevant for me, as I'm currently looking at a workflow app for a project at work.
I want it on that one, that one and that one! And it all needs to be synched! - Andy Westgarth
This session from VBUG Chairman Andy Westgarth covered the new Web Deployment bits coming from Microsoft. This tool is built on top of MSBuild and allows you build deployment packages to be deployed to IIS. These packages are not MSIs, the idea of the tool is to produce a package that can be passed to IT types without the need to handhold them as they deploy your application.
ASP.NET 4.0 - Mike Ormond
This session from Mike Ormond of Microsoft was, like Alex, concerned with .NET 4.0, however it was much more focussed on ASP.NET. The highlights I picked out were:
VS2010 is going to be productivity-focussed - there will be a new range of snippets for both HTML and AJAX authoring, although Mike pointed out that a snippet called 'requiredfieldvalidator' doesn't actually save you much typing. A nice feature is that when you add a validator, it will try and attach itself to the nearest control that can be validated - nice, but it seems Microsoft haven't grasped that not many people use the designer, they code the HTML in Source View.
Mike covered some of the new provider-based caching functionality and demonstrated a custom cache provider. Velocity was mentioned, but only as one of the available providers. Mike also mentioned that the existing System.Web.Cache namespace is likely going to be moved to a more general namespace, which explains the decision of the Velocity team to change their namespace - it seems likely to me that SYstem.Web.Cache will become System.Data.Caching. This is a small change but will clear up a lot of confusion over whether you should use System.Web.Cache in a WinForms application.
In WebForms, the need for the CSSFriendly adapters will go away - controls will be much easier to style in CSS out of the box. Mike also covered the Routing engine (which was split off from the MVC effort) which gives you much better control over URLs you generate inside your application, and the NamingPanel, a new control which is part of increased control you will have over client IDs.
I'd have liked to have seen Andy Gibson's session on jQuery but it was on at the same time as me :-( however all the sessions have been videoed so I will be able to see it on the web!
I had a great day, it was just a shame I couldn't stick around for beers afterwards. Next time!
Saturday, 18 April 2009
I had a few questions afterwards over coffee, which were:
Q) Output Caching. Can you VaryBy things other than elements in the QueryString?
A) Yes, there are a range of VaryBy options: VaryByContentEncoding, VaryByControl, VaryByHeader, and VaryByCustom. In each case ultimately it boils down to a string. There's a discussion of all these options on MSDN, but basically VaryByContentEncoding's probably not going to help you too much since this looks at what encodings your browser can accept e.g. compressed content (and remember that I mentioned all the current browsers (and previous generation browsers) can accept compressed content). VaryByHeader looks at a semi-colon seperated list of HTTP headers. VaryByControl looks at the controls declared inside a UserControl. VaryByCustom is perhaps the most interesting as it allows you to roll your own scheme by implementing GetVaryByCustomString in your Global.asax file, or if you set it to 'browser' it caches page instances based on the browser name and major version.
Q) Is there a reason not to use VaryByParam=*?
A) VaryByParam=* will cache pages on all combinations of elements in the QueryString - I can only tell you what it does, it's up to you to decide whether this facility is going to fit into your application or not.
Q) Can you cache objects for longer than 20 minutes?
A) Yes. If you use sliding expiration, it takes a System.TimeSpan object. TimeSpan has three constructors - I used the hours/minutes/seconds constructor, but there's nothing to stop you using the second constructor which adds a days parameter onto the constructor. Bear in mind, however, that doing that means you're sacrificing that much memory on your server for that length of time. As with so many things in scalability, it's a trade-off...
Q) Do you need command-line access to your server to enable a SQL database for SQLCacheDependencies?
A) No. There's two options here: one is to keep in mind that the ASPNET_REGSQL command-line tool takes a server name from the -S parameter - this can be any SQL server that is on your network, you don't have to run the tool locally to the server you're enabling.
The second option is to use the SqlCacheDependencyAdmin static class, which gives you the ability to programmatically enable and disable databases and tables for cache dependencies.
Thursday, 16 April 2009
However I contacted the Velocity team and they sent me instructions for manually removing CTP2.
"Note: To un-install Velocity CTP bits use 'Add-Remove Program', however for scenarios where a user is unable to un-install e.g.
'Add-Remove Program' entry is missing, following workaround of using manual steps for un-installation can be used, but they need to be done at users discretion.
Below steps assume removal of Velocity Service and product from a single machine, to un-install multi node Velocity cluster below steps need to be performed on each machine (node)
1. Under 'Administration Tools' -> 'Services' ensure that Velocity service DistributedCacheService with Display Name "Microsoft project code named "Velocity" is stopped
2. Go to Command Prompt and use SC.EXE command to delete velocity service i.e.
SC.EXE delete DistributedCacheService
3. To ensure removal of entries from 'Add-Remove Program' for existing 'Velocity Installer', Download and install 'Windows Installer Cleanup Tool' as per following KB
http://support.microsoft.com/kb/290301 , Or directly from
Launch the above installed Tool and from the list choose 'Microsoft project code name "Velocity" CTP2' and select Remove
4. Next delete files under installed folder, typically under \Program Files\Microsoft Distributed Cache\V1.0
5. Remove 'Firewall Exception' for DistributedCacheService
6. If Cluster Config Store chosen during installation was 'XML'
or 'SQL Server Compact' then remove the files from the Network Share Folder (which was provided during installation)
Else if 'SQLClient Provider' was used as the Cluster Config Store then -
Drop the database (provided as 'Initial Catalog' ) which was mentioned in the connection string during installation.
or, To avoid Dropping the database in case you want to keep it, you can also just drop the table 'dbo.config' present in the above mentioned database."
I haven't tried these instructions out yet as I don't want to fry my laptop ahead of WebDD this weekend but I will try them next week and report back.
UPDATE: I ran through these instructions last week, for me they worked perfectly. The only thing I struggled with was the fact that IT have locked down the UI for firewall exceptions so I couldn't remove the ones I had set up. However I was able to remove them by hacking the Registry.
I now have Velocity CTP3 installed - details coming soon!
Friday, 3 April 2009
Yesterday John Robbins wrote something of a call to action: read Code Complete and write a 'book report' on it as a comment in his blog.
Guilty confession time: I've never read it, despite it being on my desk for a number of years. It's not something I'm proud of, but I'm confessing. And I'm undertaking to answer the call: I took it home last night, and I'm going to read it (as soon as I finish the excellent Six Sacred Stones). I'll post my review here as well as on John's blog, and I encourage everyone to do the same.
Thursday, 26 March 2009
I'm looking forward to running it again, this'll be the third outing. Maybe Barry'll get to it this time...
Update: Delegate registration is now open. Book early to avoid disappointment.
Wednesday, 4 March 2009
Update: I just figured out why the aspnet_regsql command-line was failing when I tried to enable my Northwind database for caching. I hibernated my laptop when I left the office on Tuesday afternoon, on Tuesday evening when I switched it back on it couldn't contact our domain. So when I tried to run aspnet_regsql with the '-E' switch for integrated authentication, I couldn't be authenticated against our domain and consequently SQL Server's security (correctly) wouldn't let me do anything. If I'd instead used the '-U' and '-P' switches with an administrator username and password it would have worked.
Thursday, 19 February 2009
Once I've come up with some words about myself I'll be submitting my scalability in ASP.NET session. I'm also trying to write a session on scalability with Velocity - maybe this'll be the kick I need...