Rene Schrieken

SOA

Highly relevant Relating SOA

Strongly typed resources

I stumbled across this article on code project. It creates a strongly typed class which consumes your resource file (resx).  As it is deployed as an custom tool it will integrate in the IDE and will re-generate your class every time you change the resx file.

I downloaded the source and made some small changes so it will fit in the current Project.

Threat Modelling

I posted earlier about threat modelling

Here is a tool form MS. Threat Model tool

I installed it and indeed there is a place where I actually model with DFD's ... Still feel that I'm better of putting this in an seqeunce diagram

LOL

Raymond Chen is the guy who makes Windows work.... In this blog he explains some of the innerworkings of Add/Remove Programs (you know in Control Panel) . Just read-it and read all the comments. Great stuff ;-)

Configuration section handler

Rolf had some fun today with a refactor of our reports.config. He really should look at this. A shame I didn't found it earlier.

DPC Horror

Did you ever wonder what Deferred Procedure Calls where?

Me neither. But the horror full thing was that in PerfMon I saw that DPCsQueued/Sec where rocketing causing mouse and keyboard events to get lost. I ran every spyware tool I could find and McAfee has seen al my files by now. I've reinstalled every patch from WindowsUpdate and downloaded all tools from Sysinternals. ProcExplorer just showed DPC's but I had no idea which part of my system was generating them. I just want to understand what is going on.

This article on MSDN directed me to the solution. As I understand now DPCs are called by device driver (C++) hackers which enables them to quickly handle an interrupt but postpone the more heavy duty processing to a later moment. I think this makes that our PC's keep on working while we type, mouse move, network, print etc.

Ok, so some Hardware is probably sending interrupts and its driver is putting a lot of DPCs in the queue to get handled. But which part of my system is doing that. Nothing is broken....except for my battery. Can a battery generate interrupts? I find it hard to believe. Until I remove the battery from my laptop. The DPCs disappear! I must have overlooked something: put back the faulty battery, there are my DPCs again and my sticky mouse and my erratic keyboard. Those guys from HP must be kidding me. Remove the battery et voila laptop works just fine.

Is there an DPC debugger around somewhere?

Ingo on Cobol

Ingo Rammer was the presenter of my last session on TechEd 2004. In his talk he showed some stunning ways (tecnically, but also architecutral correct) of loading assemblies. This open ups the oppertunity for extending your app with 'plugins'. There are already some examples of this kind of applications (FxCop for example). Ingo showed in some small demos how you can accomplish this. There are some security ramifications though: with reflection anybody can change anything eithin your app (yes that is anything also private fields)

The demo of the codecompiler was nice to see. I didn't know it was actually used during runtime on some operations (like XMLSerializer).

The use of de codedom was even more funny. The code dom gives you the oppertunity to express code in an document object model. What you actually express is MSIL. But from this dom you can generate any .Net code you want. So you can use that dom to generate VB.NET but also C#. And as Fujutsi is making an COBOL.NET compiler you can output the dom as ... COBOL.

And while Ingo stated that he didn't understand the COBOL code, I have to admit that from my brains memories where emerging... Ingo has asked if anyone is using COBOL.NET in an ASP.NET page to send him the code-behind file, please CC me.

ASP.NET Server controls

Nice session about Server Controls in ASP.NET. Knew a lot of the items shown already. The demo of the TextBox and the Validator was actually shown to me a few months ago by a colleage of mine: Dries. I will do some hacking with this because it's still a very nice and clean way of creating maintable websites.

Async Windows Forms

This was a great technical session  by Juval Lowy on threads in WinForms. Great explanation on how the managed threads are coupled to those darn messageloop from win 3.1. Juval showed us the after some time rather laughable complexity you need to odo over and over again if you  want a wokerthread to update ui-controls on the ui-thread. In Clr2.0 there will be no breaking changes regarding this topic (so everything what works now in 1.1) except for debugging. If you are debugging your app and you actually access an ui-control from an other thread than the ui-thread you will get an exception. During run-time it might work (if it worked in 1.1 it will in 2.0, if it broke in 1.1 it will in 2.0).

In 2.0 the WinForms team created an new control: BackGroundWorker which hides all thread jumping functionality needed. The good news is: Juval created BackGroundWorker for 1.1! So this 2.0  class is now available for all of us. Great! Juval also showed some other clever ways of hiding the complexity of thread jumping by subclassing controls which can also become very usefull.

Tnx Juval!

http://www.idesign.net/idesign/DesktopDefault.aspx (see downloads)

SOA round up

Just one great session on SOA by the comedians Pat Helland, Rafal Luckowiez and Clemens Vaster. One of my colleagues had the follwing comments (and second thoughts) on the matter : http://www.geurtsrus.com/gerke/2004/07/nerd-suit-and-fortune-teller.html

Architecture Clinic

I attended an architecture clinic with Juval Lowy in a small damp and crowed room. Juval was doing a Chalk and Talk was basically comes to the attendees explaining their business nees and Juval doing an architectural design, focussing on services, managers, engines and dataacces. He then takes all this design elements and show how they will fit in the process view, security view etc. It is great to see Juval talk and try to extract the business needs (we had some guys explaining their charity fund raising stuff and I must say Juval had a clearer understanding of what they should do then they had their self). There was one great conversation to the end of the session:

Poor Architect:" I'm the architect, I design those things and then developers start implementing and they just pass-by every layer and go directly anywhere and I tell them to stop and adhere the architecture. What do I say to those developers?" 

Juval: "Do you want me to answer your developers the unpollite way or the politcal correct way?"

Poor Architect: "Uhhhmm, political correct please"

Juval: "Software development is not a democratic process"

I love it!

ASP.NET performance

I agreed with my collegages to attend the asp.net performance session. It was a very practical session. Interesting was to see the use of the Application Center Test tool which I used havilly on a former project. In the slides there where some high-water marks given for the various performance counters so that will be helpful to actually underdstand what you are actually measuring. Als more general tools like CLRprofiler will come handy.

Are there really programmers out there that don't use SqlProfiler? I can't imagine that. We had some discussion on whether to use a Dataset or DataReader: answer: use your own dataobjects and fill them with a datareader. I personally feel that every GUI layer that has a conection to a database (like the datareader does) is poor design so I liked the trade-off.

The the demo shifted to the use Cache(actually OutputCache). Incredible pefformance gain. I never digged very deep into it but a jump from 150 pps to 600 pps is very nice. in IIS6 this performance gain can become better as the kernel mode http.sys actually understands OutputCache hints from the asp.net worker process which means that subsequent request for the same page will be served by http.sys preventing any switch from kernel mode to user mode.

Entity Aggregation flavours

This post is about the session I attended which was hosted by Maarten Mullender. As I wrote earlier, Maarten has a presentation skill in Dutch which makes it rather unpleasant to listen to him for more than 30 minutes. Luckily this talk was in english and Maarten did a great job in explaining his dreams to us. Entity aggregation is needed if in your SOA you come up with a cannonical respresentation of an lets say Customer that differs from the underlying business entities holding the actual Customer (ie SAP, CRM and Outlook) Entity aggregation is responsible for mapping the customer representations of the different under lying business entities to the cannonical form. It is also rsponsible for any update, insert and delete. Maarten thinks that you should prevent too much CRUD like operations on a service. For example in Outlook calendar when you add an appoint on the same time an other appoint is already scheduled you get two appointmens on the same time, the existing appointment is not edited. Try to design/(do some BPR) to get this type of fucntionality. Entity aggregation services come in straight pass trough flavour which take care of the crud operation immediately and an caching flavour where the crud ops are cached in the service and reads can then be served from the cache and updates can be stored and deliverd to the back-end systems at a later moment. Maarten has done an article on keymapping and I will certainly read it.

Wrong, Wrong

Blogging takes simply too long. It is difficult to write down an recollection of the past few hours and fit them in just two or three pieces of text. For this reason I ended up too late for the session on Threading Pleasures and Pitfalls. So I decided to join the session in the Auditorium with all the big names (vasters, lowy, chapel et al). But the after lunchdip kicked in and I ended up in the Forum. When I was seated I realized that some guy was telling me everything about MFC/C++ in Whidbey.

 

Vague memories came floating by when MFC, messageloops and ATL where brought to my attention. The guy explained that the new runtimelibraries will not generate anymore bufferoverruns but that ypou as a developer are still able to create your own bufferoverruns,, stackoverflows and blue screen of death.

 

In the compiler there is one new flag /CLR which you need to compile ypur MFC code to let it run in managed coe. And some new language features exits making it easier to integrate managed types. However simple database apps. ISAPI and parti;;y trusted apps are discouraged and need to be rewritten. Hmm that sounds wrong.

 

Then if you want to use WinForms (managed Windows) you will be limited. There is no way a C++ programmer is going to interfere with handles and command loops etc. They will all be put behind a compiler (or macro) generated proxy class and the only thing they can do is call WinForms via that proxy. The poor C++/MFC guys are put behind bars.

 

The worst thinmg ks still to come. The beta of vs2005 (out in 2 weeks) will lack any support for managed code. And the major advise was; stay put don’t rewrite too much because we have no managed equivalent of MFC and the earliest you can expect anything like that will be with Avalon (that is in Longhorn). If you are a C++/MFC programmer you are on the wrong track.

Sql Hacking, Remoting and Versioning

CTS300 provided tha audience with some prescription on which technology to uses when you implement SOA's. It bascially came down to this order:

1. ASMX (webservice)
2. EnterpriseService
3. .Net Remoting

So asmx is the way to go, it will give the best future proof technical implementation that will migrate without too much pain to Indigo. EnterpriseServices are needed if you want/need transactions and ancient component COM+ integration. However running (distributed) transaction in a service (that might call other services and so on...) might not be the brightiest architecture to opt for. Stay away from the native COM+ api's because they will definitaly not work in Longhorn but System.EnterpriseServices are OK. .Net Remoting will be a fine solution in a system, between services where you need object-based comm (fine-grained, chatty) instead of messagbased comm(coarse-grained, chunky). And .Net Remoting will be used if youi do cross app-domain (inproc) calls.

DEV324 was presented by juval Lowy and covered the complex (and becoming even more complex) topic of versioning. Juval showed based on very quick demo's what the results where for loading the right assembly (fusion) when the assembly is friendly named, strongly named, in the GAC, int he app folder. He als showed the options in the .Net Framework configuration panel to make an app bind to a different version. He pointed out that the CLR2.0 will be almost backward compatiable. So you need some testing to do to be sure every line of code you wrote for the 1.1 framework will operate as expected on clr 2.0. Important is that MS doesn't garantee that any cross-framework use of assemblies will be supported . If you absolutely need a System.[anything].dll from 1.1 just make sure your app uses the 1.1 CLR. If you start using System.data.dll from 1.1 and System.xml.dll from 2.0 the results are not known, not tested and MS gives no support on that kind of use (I think they are right).

I already knew something about Sql-hacking (take down a SqlServer) but on SEC401 I've seen that there is still a lot to be done to get all code and the configuration of sqlserver thightened. Some great sql-injection attacks where shown and a colleague will go the advanced session this afternoon where they actually will try to bring down the sqlserver. In the DTS package the connection info (including user/pwd) is stored. Many customers send their DTS package to MS for inspection when they suspect there is some kind of problem. As MS can decrypt anything in the package, MS is in the possesion of a lot of SA passwords of a lot of their customers. Lesson learned: don't use SA (or any high-priveledged account) int the connection settings in your DTS package. Second Lesson Learned: Don't send DTS packages to MS ;-)