With this regular writing task to spur me on I expect (and hope) to be doing alot more blogging as well...

To look it over go to the Windows Azure Offers page at Microsoft.com and get going. You might not have a project that fits the Azure model currently, but you will. I am working on a new product for DTS that will have an Azure component and while it is still off in the horizon the time to jump in is before you are behind.

If you are interested watch the podcast url or my blog (here) for the first show when it releases.

It turns out that I purchased a web site a little over a year ago that supports gamers who play World of Warcraft (a game I have played for years). The site gets about 100,000 unique users a month with just shy of a million page views a month. The site was written in PHP against a MySQL backend and is just not driving the revenue yet to justify porting it to ASP.Net and SQL Server (though as you will read here the balance of pain is shifting that equation). It turns out that we end up rebooting the system pretty damn often which was a problem with IIS back in the old days, but not one I have had in recent versions.

We have thrown more hardware at the system, brought in professional help and it just seems that at these levels of use the system runs down and needs a kick and sometimes intensive care.

My point here is that it has been an education for me to validate what I suspected, there is no magic with the non-MS stack. It can hang in some regards, but it seems that for really heavy loads, MS has got them beat on stability. I am working on an ASP.Net with SQL Server site now that handles similar traffic and it just doesn't suffer the same issues.

I plan to dig deeper into the tech here if for no other reason to figure out what it takes to port the site to ASP.Net with SQL Server.

It turns out that I have come to a couple of conclusions that I will surely post more about in the future, but for now here is the overview.

First there were several Windows Azure announcements that have swayed me from skeptic to seeing a real chance for Azure to be a contender. Chief among my concerns was the fact that I just didn't see companies doing a big rewrite just to leverage a cloud solution. Now it is much easier to port an existing application to Azure and there is the option to customize the hosted image. I also saw a demo that no one else seems to have noticed (or I was imaging things). I could have sworn I saw a demo where SQL data hosted behind the company firewall was opened up for consumption by an Azure hosted application. I plan to watch that keynote again to make sure I know what I am talking about so consider this a disclaimer.

Second, I am now confident that Microsoft will not abandon either WPF nor SilverLight developers since there were already announcements to make both able to run with the same assemblies. A small step, but when coupled with the fact that VS2010 is built with WPF I think the two technologies are both valid for development (I was worried about the future of WPF until recently).

There was of course more, but those will have to wait for other posts.

Back in August Steven Sinofsky posted a very insider view of how the Windows 7 team triaged bug reports on the Windows 7 Engineering blog. Microsoft products enjoy (a mixed blessing) more previewing eyes and shared opinions than most everyone. The bottom line you have to understand to put these things in perspective is that the creator of the software is on the hook for supporting, maintaining, justifying and profiting from their product. While the customer is always right about what they want, they aren't always right in their belief of how my product should work.

Case in point. I have worked with and for ISVs for more than a decade now and I have seen time and again the process of a potential or current customer insisting that a feature must be added or a functionality changed. Not always, but often when the ISV has caved and added a feature that they did not feel would add value the negative feedback drowned out the voices that were asking for it.

In software development for commercial use you have to follow the advice of the song lyrics sometimes, namely "If you can't please everyone, then you've got to please yourself".

Ultimately if your product fails you can't blame a customer or even a group of them for demanding things that ultimately took you off mission. Each customer complaint or feature request is a gift (as the book title goes), but it is not always one that you should embrace. This also goes for resellers, sales staff, developers and everyone else who is not on the blame line for the acceptance of the product by the market. That responsibility falls on the product owner who is often the business owner and visonary, or in cases like Microsoft a senior manager or executive.

If everyone remembered this we would probably have better software overall...

I think this is an interesting signpost that SilverLight is rapidly approaching widespread acceptance.

Check it out the web slice at the Add on Gallery.

I had thought I would have years or at least a year more to wait for the third version, but Microsoft has been driven to outstrip the competition. I hope the competition tries to keep up since I like this pace very much.

If you are just getting started check out the "How Do I" Videos and read regularly Scott Guthrie's blog.

SilverLight in this new release has the makings of starting the next dev revolution I believe. If I am right this one will have as big an impact as the release of Visual Basic 3.0...

Initial feedback has been quite positive so if you happen to listen to it I hope you like it as well. This particular episode is found here

Ultimately I don't see any reasonable way to stop jobs from following a well established lifecycle that ends in automation. If you take any task that is currently done by a robot you can probably look far enough into the past to find a point in time when it was cutting edge technology and either a skilled technician or fine artisan performed the function for premium pay (Dot Com boom html programmers for our purposes). As time goes on the task or job becomes well understood, well documented and even taught in all the schools around the world and since the task is still highly paid (that has eroded by now) it attracts alot of people who want that job. Then the task moves toward commodity and the formerly highly paid technicians and artisans have chosen from exactly two courses of action. They have either moved on to the new cutting edge thing or they are moaning about the erosion of their value in the marketplace (blaming the marketplace of course and never themselves). Then it gets worse for this latter group since eventually (and eventually comes quick in the 21st century we have found) the commodity task is recognized to be cheaper to be done offshore. For high tech India and Egypt are hot along with many other locals (I just have most of my experience with offshore teams in these countries). The formerly high end task is drone work now and can be done by a bright student from any continent so the work flows to where it can be done most inexpensively. This is the point of maximum complaint by those who remember making $100 an hour for doing this task. They then stop paying attention just in time for that task to be automated by a program, system or abstraction layer so that no one would ever pay for it to be done by hand ever again. At this point you could probably hear people in the offshore tech districts complaining. This is progress. It is painful, but it is also inexorable, you cannot stop it and you shouldn't try to slow it down. Instead you should be like the other group of highly skilled technicians and artisans and find the next big thing and constantly hone your skills. This is absolutely doable in our high tech field.

I know this post will come off as callous to some and I am sorry if I am too blunt for some, but especially in times like these we have to stop looking back wistfully at the past and grab our books and browsers and dig in to invent and shape the next revolution. I personally think that energy and the technology that helps with conservation is the next big thing, but there is still lots of room elsewhere. If you view the lifecycle of a job as a good thing you see that it has freed us from farming our own food, making our own clothes and has allowed so many of the things that are best in our civilization. Embrace it or be marginalized.

Finally my apologies to those stock boys out there who have had their hopes and dreams shattered by R2D2.

It has been proposed that guidance is needed to ensure that solutions are "open". I can only assume that this means that they want code deployed on vendor A's platform can be moved to vendor B's platform unchanged (the classic case of wanting to not gamble on vendor lock in). While that is not specifically stated, I just don't see any other interpretation that makes sense.

Time will tell, but I suspect we are several years of market testing and evolution from a point where we can even begin to have this conversation intelligently.

To read more on this topic I will point you to blog posts by Chris Auld and Michelle Bustamante. I must say that I agree with them for the most part.

• A session on AJAX
• A session on Commercial Software Dev (vs. Business development)
• A session on Indexing Optimization in SQL Server

Waleed Abdelwahab for pushing me to revive this blog. See you all soon! http://www.patrickhynds.com/PermaLink,guid,0f54d98e-d248-407a-acf8-a18c472f295e.aspx http://www.patrickhynds.com/EDCSessionTopics.aspx Wed, 12 Mar 2008 20:55:48 GMT As I said a couple of days ago, I am speaking again in Cairo in a few weeks at the EDC. I have arrived on the topics that I am presenting. While these are still subject to change it looks like: <ul> <li> A session on AJAX</li> <li> A session on Commercial Software Dev (vs. Business development)</li> <li> A session on Indexing Optimization in SQL Server</li> </ul> I am really looking forward to seeing all my friends and again want to thank <a href=http://wabdelwahab.wordpress.com />Waleed Abdelwahab> for pushing me to revive this blog. See you all soon!<img width="0" height="0" src="http://www.patrickhynds.com/aggbug.ashx?id=0f54d98e-d248-407a-acf8-a18c472f295e" /> http://www.patrickhynds.com/CommentView,guid,0f54d98e-d248-407a-acf8-a18c472f295e.aspx Development Speaking

Microsoft has just released their new Anti-XSS library which helps developers do the right thing more often without as much effort as before.

If you are interested in this (and trust me, you are) your first stop is to go to the tutorial and see how it is done.  As you will see it isn't stupid simple, but an improvement.

Once you get confortable then go to the official page and download the library and make it part of all your web projects.

Code Camp 6 is tomorrow at the MS office in Waltham and this is the first one since the original world premier Code Camp that I am going to miss.

With Thom Robbins moving on to Redmond and the rush of business that everyone seems to be seeing, this 6th edition didn't come together nearly as early as previous editions.

I apologize for not making it, but since it is slimmed down to a single day this time and I specifically have a conflict tomorrow, I won't be there.

I expect we will do a better job for Code Camp 7 and provide much more advanced warning and I will do my best to defend the date ;)

I have been casting about for .Net Best Practices and came across Adam Cogan's lists of how to do pretty much everything.  The funny thing is that I have known Adam for years and was aware that he had compiled quite alot of information on his site, but until I started to dig through it I hadn't realized just how much is there.

If you are trying to codify your companies "how we do it here" then make sure you check out Adam's site.

I normally don't post twice in one day, but this blog post by Rob Caron was VERY helpful in understanding VS2005 licensing and the relationship between the products.  I expect it will help alot of people grasp it since I get asked this question a fairly often in my roaming.

Thanks Rob and Enjoy!

I was just thinking about one of the bugs listed in the latest hotfix from MS and realized that while aspx and config files are not at risk since they are mapped to aspnet, the express database if stored in App_Data probably is.

We don't typically use SQL Express, but my bet is that this is the greatest risk factor for this bug.  Thoughts?

If you are into threat modeling (and you should be) then you should check out the latest version of the product formerly code named "Torpedo".  I think this is the first product to make real strides (bad pun intended) toward making threat modeling more approachable for the average developer.

Get it at:
http://msdn.microsoft.com/security/securecode/threatmodeling/acetm/

At Code Camp 5 in Waltham this past Sunday I was delivering my session entitled "All you need to know about Membership", when I learned that I didn't know everything I need to know about membership.

Someone asked if the scripts were available that aspnet_regsql.exe uses to create the membership table.  My answer was that I hadn't seen them so I assumed they were baked into the exe.  WRONG!  Our good buddy and fellow Code Camp presenter, Dan Krhla, pointed out that in the same directory that you find the aspnet_regsql.exe (namely C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727) you also find the scripts that the tool users including InstallMembership.sql.  There are a bunch of them and you have to install them in order (installcommon.sql first, etc.).  They offer some good insights and I have already spent a bit of time on them myself.

Thanks again Dan and I am happy that the question came up so I could learn something too.  This is why I really love the Code Camp.

MS has committed, at some level, to support VB6 on Vista.  In an article from February there are some details, but we now know that if you have a VB6 application that you cannot live without, you will probably be OK for years to come.

This is both good news and bad news.  While I feel the pain of people who depend on these legacy tools for their products to work, I can't help wincing when I see this because old tools support old techniques and technologies that are often just not up to the task of building secure applications.  Everything from cryptography to SQL Injection have evolved as have the tools to combat them.

If you are using / depending on VB6 then congratulations, but my advice is to get off of it (from a seasoned VB developer) unless you can really and truly convince yourself that it poses no weaknesses in security based on your use of it.  Eventually you will have to jump.

Sharing a web server between development teams is always fun (not).  We had a problem surface today (or resurface) where if a developer creates a web application on IIS that uses .Net 1.1 for example (not an uncommon occurance) and some other developer creates a web application on that same server but this second one uses .Net 2.0 (something becoming more common every day).  Odds are that the developers and even sometimes the network engineer or web master will allow the defaults to lull them into the false sense that it was an easy and straightforward task.

The problem is that they both allowed the "Default Application Pool" to remain selected and now the second of these sites to load will crash IIS.

You can't have two different versions of .Net loaded into the same process and Application Pool often (though not always) means the same process.

Scott Forsyth has an article about this very issue that will help describe the error that occurs when you have this problem (the "Server Application Unavailable" error).

If you haven't seen this yet, then you will.

Scott Guthrie pointed me at a link to the source code for the ASP.Net 2.0 providers including the Membership and Role Management providers.  While I think the Profiles, Web Parts and Site Navigation providers are important and cool, I expect to do much more with the Membership provider.  Expect to see some customizations in presentations I give in the future.

I think this is a great step and am not surprised to see Scott doing something this cool.

Check it out!

Like the Code Camps another good idea is coming out of the Microsoft Developer Evangelists.  This time it is a web site with an interesting concept.  If you go to http://www.community-credit.com/DevCommunity.aspx you will see it in action and also be able to see the people who are working hard to build their technical communities. Think of it as an ongoing public resume where people who contribute to the community get credit for their efforts.

I think this is a good step in building a nice feedback system so the dev community keeps going.

Check it out.

When I was in Cairo for the MDC a few weeks ago, I gave several talks that touched on the new membership controls in ASP.Net 2.0.  One question that came up repeatedly was how far can you stretch the provider before you have to write a custom membership provider.  The answer turns out to be not very far.  The provided membership providers are very good and very extensive, but they are also fairly rigid in their implementations. 

I think I have the 3 criteria that will force you to realize that you need to bite the bullet and write your own membership provider:

1. If you need to access your own schema that is different (in any way) from the schema provided.  Running Aspnet_regsql.exe creates a database and if you need to edit that schema then you cannot live without a custom provider except if you are adding tables for your own use, but bear in mind that the provider will just ignore your additions.
2. If you need to access data in someplace that is not supported.  Even if you want the same schema as the default providers support, you cannot use a proprietary database for that data and expect the providers to just work.  The XML provider is the most common example (though not very real world), but you could think of many scenarios including SQL 7.0 where a custom provider would be in order
3. If you need / want to insert some abstraction between the provider and the data.  Stefan Schackow of Microsoft had a great session at PDC 2005 in which he demonstrated creating a provider that allowed for the situation where your web servers were not in direct contact with the database server.  To solve that problem he wrote a provider that took a web service endpoint as its connection string.

So as you can see you are quite likely to find yourself having to write your own provider.  The good news is that it really isn't that hard to do once you have done it once or twice ;)

A number of the Microsoft Regional Directors and I have been posting back and forth all day about the C# vs. VB.Net issue, but not in the way that contentious bone usually plays out.

Rocky Lhotka not only started the thread, but he also was the first to bring it into public space with his post and quote from one my my analogies.

The point I would like MS to get is that while C# and VB.Net are very useful and powerful each in their own right, they work to cross purposes.  The biggest problem is that in spite of vastly different syntax and heritages there is a little difference between them to the effect that you can't walk into a development shop and say "you will save 30% of your time coding in C# because your projects are mostly X type". That is the type of distinctive purpose I want and that is what my customers by and large want. A decision point, a clear guideline, a stated objective.

At the moment I think both language are trying to do the same thing but for people with different prejudices vaguely based on their backgrounds. While choice is generally good it can be bad when it leads to paralysis. Jim Allchin once said that having brought NT to market, if he had it to do over again he would remove every single user configurable setting as they were the source of all the heartache.

The analogy that comes to mind for this situation (and the one borrowed by Rocky) is that as a commander in combat I know when to use a Tank (plodding and durable lethality) and I know when to use a A-10 (fast, manueverable and vulnerable lethality), but if you make tanks fly and add a few feet of armor on an A-10 then you get the same muddy water we have between C# and VB.Net. Those that know me will forgive the military analogy ;)

About a month ago I signed up for a newsletter called FastTips by Microsoft.  My old friend, Thom Robbins had a big hand in creating this and actually has done many of the demos I have watched (very well I might add).  I often get asked where people should go to get up to speed faster and I can't think of a better way to push learning then a push based technology like this newsletter.  You can subscribe to FastTips here.

You can't know everything, but if you don't work at it you will soon find that you don't know enough.

Mark Russinovich is a brilliant guy and likely not so popular with the people at Sony these days.  Mark was testing out some root kit detection and removal software and discovered that in their exuberance to implement Digital Rights Management Sony has created a very ham handed solution that behaves more like a rootkit than some of the very worst actual rootkits out on the Internet.

Read Mark's Blog which details his discovery or go to theregister.co.uk article that summarizes it.  Good reading about bad code!

Thom Robbins of MS is introducing a really cool competition called the "Launch 2005 Screencast Contest".  The concept is that you get a free 30 day copy of Camtasia and record one or more demos with audio.  The entries will be screened and the winners in the major launch cities will win some useful stuff.

Thom breaks it all down on his blog here.

I did one of these during the break at the last Code Camp and it was actually pretty cool.  My demo is up on Channel 9 and I am definitely going to be doing some more (though if I know Thom, I am not allowed in the contest).

I have been out of it for about a week due to travel to present 7 sessions at TechEd Hong Kong, but now I am back.  It was a great event and as usual was characterized by very high energy keynotes!

The highlight for Bruce Backa and I in our presentations was our last session on Server Control Development for ASP.Net 2.0.  The demo of a control that leverages AJAX style updating to the content really churned the audience and opened some eyes.  I have been asked to provide the source code to that particular demo (for session WEB428) so here it is: WEB428Done.zip (51.22 KB)

I have to thank everyone who got us to go over there (for our fourth time!) and to Andres Sanabria from Microsoft for the slides and the framework for this particular demo.