Archive for Rants

The web must die

Aug 1

I hate hate hate web development and for some reason I do it all day and night. Maybe I do it so others don’t have to. I am such a hero.

The reason I hate it is that it was never meant to do what we are doing with it now. The sheer amount of technology introduced to accomplish such a simple thing as showing someone’s email inbox takes thousands of lines of code and multiple technologies. I know that I have been on projects that get extended way past their initial design (the current app of 3 years I am working on started as a 4 month project). But there came a point where we stopped and said that the app was stretched too far and that we needed to revise the way we structured some of the app/database to allow it to expand. Unfortunately I don’t ever see this happening with the web unless smart clients take off huge and can run on any platform with zero issues.

To that end here is my technology required list for developing an average website vs. windows app

Web Development:
    HTML
    Javascript
    asp.net
    CSS
    Working in a stateless environment
    Browser & Resolution compatibility
    Cookies (thankfully we don’t have to use cookies that often anymore)
    Accessibility
    Xhtml
    Search engine optimization (on sites that are public)
    Deployment (usually means how to use FTP)
    Managing session timeouts
    Security
    Ajax / Atlas / whatever

Windows Development:
    a .NET language
    Security
    deployment knowledge (i.e. build an msi or xcopy)
    Resolution compatibility

Filed Under: Rants

Looking toward the future

Jun 7

I recently attended the Calgary Code Camp and had a few insights into the future of our world.

I feel that the need to specialize is coming, as much as I hate specialization as it can make you obsolete pretty quickly (i.e. foxpro specialists are few and far between). I know asp, vb, c#, javascript, sql2000, reporting services, crystal, access, php, networking, and a whole bunch of other stuff. I find that I use a lot of these skills on a regular basis but it is harder and harder to keep up to speed. I feel that I don’t know enough about programming even though that is what I do all day. Technology has reached a speed that my legs can not keep up with. I feel that having to narrow your skillset is the only way to be an effective programmer and still have a life.

At the camp I saw a presentation of the Windows Presentation Foundation (or WPF). WPF is cool in that it allows you to write an interface using an xml markup language and has a separation of ui and code behind like the web does. You can also do flash-like animations with a timeline and render 3D objects. While this has a big wow factor I feel that it will not be used that much. For one we are always under a time crunch as developers and making a pretty animated interface is not high on our priorities. Business users want a fast application, not one where they sit there watching pretty animations while it loads data. Sure at first it is cool but the novelty wears off pretty quick. The xml scripting language is a pain as now I have to learn another language to design the UI and it seems that the naming is different than html / css naming too so I am going to have to learn to use back-color instead of backgroundcolor or something like that. Overall I think that we will see some nice looking apps but won’t have time to build them ourselves.

I like Christies comment of needing a pause button for life.


Interesting Switch

Jun 1

I have been a fan of Nunit for a while now but recently I have noticed that I never open my UI project on my application. If I add new functionality I write a test case for it to ensure that it works. When I change something internally I run Nunit. I guess I am just amazed at how smoothly it has transitioned to this since I have added a whack load of test coverage to my project.

One of the cool things just happened now and inspired me to write this post. I am refactoring some redundant tables and stored procs out of my database and I just renamed a bunch of methods and ran my tests expecting them all to fail. To my surprise one did not, as I left the stored proc in the database. So that caught one mistake. I then refactored my code to use the new proc and expected them all to pass but again one failed (I forgot that one object has ‘special needs’ and needs to be inserted differently). This process seemed to repeat over and over with me catching one little thing with my tests. By the end of this refactoring I caught 5-6 items that might have been missed in my hands-on testing but caught by the user, resulting in 5-6 bug reports.

I know that this is kind of a dumb post for those of you that do unit testing / tdd but for those that don’t I hope that it inspires you to start looking towards a unit testing framework for your applications.


Vista takes 15GB?

May 20

I just ran the vista upgrade advisor (tells you if you have the requirements to run vista) and was shocked to get this error:

We’re sorry, but your PC cannot currently install and run the core experiences of Windows Vista.
However, you may be able prepare your computer for Windows Vista by upgrading your PC hardware. You will need to take the following actions to run Windows Vista.
Additional hard drive storage
15GB free space required (Your computer currently has 3.53 GB)
You will either need to:
a) upgrade your hard drive to increase its capacity, or
b) create additional free space on your existing drive by removing unwanted files.
If you decide to upgrade your hard drive, we recommend 40GB capacity at minimum for premium editions of Windows Vista. Contact your PC retailer to see if an upgrade is available.

Why in the world is an OS 15GB? How many DVDs is it coming on? Or better yet how many CDs for the non DVD people.


Paradigm Shift

May 17

I like to post on technical things but the state of the industry has really been getting to me so I thought I would write a post about it.

In summary: Most of us have no clue what we are doing.

I say this because of my experiences in the past year. I can teach anyone to code. It’s really not that hard to do the basics but to make a large application is where people stumble (myself included). The reason for this is that there is no set way to do things. Everyone has their own way and this is harmful. What if every engineer had their own way to do foundation? We would need tons of unique tools for that foundation, tons of training for the people pouring the foundation, and tons of money as every process is unique. I think that this is what is happening in our industry.

Over the past while of reading books like Refactoring and Patterns of Enterprise Application Architecture by Martin Fowler, talking with developers, and watching webcasts, I see a whole new way to develop, and I have been programming professionally for the last 5 years.

As I start using some of these amazing techniques I can’t help but be saddened to know that most developers out there have no clue about these. I have shown the model view presenter pattern to a few developers and they are blown away. I personally can not stop using it (I built a simple contact submission form last night using it just because I like it so much). Interface driven development is the best thing I have started using lately and is a great way to allow decoupling of contract and implementation. Honestly I feel like I am seeing how to program for the first time since I did basic on my apple II.

This is a new and rapidly changing field. Historically, look at being a gunsmith. It starts that everyone has their own way to manufacture a firearm from raw materials and it is pretty much how everyone else is doing it but it’s slow (i.e. coding in a basic language). Then some technology comes out like a metal lathe (i.e. .NET) and now we can build things in our own custom way but faster. We have hit the point in the industry that any developer can build something small quite quickly and reliably but when we need to work together or build a large application most of us are in the dark.

What we need to do is follow the guns and use the concept of interchangeable parts and start to look at how to make our projects work better with other developers and other projects. Unfortunately I don’t know how to do this other than having us educate each other and share more in the community of doing things in better ways.


Security Rant

May 16

Just a quick note on security while it is in my head

1. Use an accept list instead of a deny list.
i.e. use a regular expression that matches [A-Za-z0-9]
vs. ![/*.()<>\......]

If you miss one character then your validation is useless. The first validation allows only alphanumeric characters. All else are excluded by the rule.

Microsoft had this issue with IIS 5 (I believe) in that people were exploiting it by using the urlencoded values to do directory traversal i.e.
www.victim.com/%2c%2c/%2c%2c/%2c%2c/c:\windows\system32\command\cmd.exe
(now that is from memory so don’t shoot me)

If the processor only accepted .. instead of %2c things would have been good

(note that having %2c is valid so it should have been decoded to a . before it was validated instead of after but that would ruin my example)

2. Fail closed!
I can not stress this enough. If something goes wrong… shut down! fail! throw a billion exceptions.

My best example is a firewall. If an unexpected action occurred in the firewall what should be done:
1. Crash and leave all ports open
2. Crash and close all ports cutting off any legitimate services

Ok one impacts people connecting but it SHOULD! they will tell you and then you know there is an issue and you can fix it. By failing open in this case you might not know for months that your firewall is not working as no one has complained.
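
Both points in one place, as an added example that is not part of the original post: a deny list run over the raw, still-encoded text next to an accept list run after decoding, each wrapped so that an error in the check either rejects (fail closed) or admits (fail open). The sketch uses `%2e`, the percent-encoding of `.`; the function names, the deny-list characters and the sample segments are all constructed for illustration.

```python
import re
from urllib.parse import unquote

# Deny list in the spirit of the post: a handful of "bad" characters plus "..".
DENY = re.compile(r"[/*()<>\\]|\.\.")
# Accept list from the post: alphanumerics only.
ACCEPT = re.compile(r"[A-Za-z0-9]+")


def deny_list_ok(raw):
    """Weak: deny list applied to the raw, still percent-encoded text."""
    return DENY.search(raw) is None


def accept_list_ok(raw):
    """Decode first, then require the entire decoded value to match the accept list."""
    decoded = unquote(raw, errors="strict")  # raises on bytes that are not valid UTF-8
    return ACCEPT.fullmatch(decoded) is not None


def fail_closed(check, raw):
    """Any unexpected error inside the check counts as a rejection."""
    try:
        return bool(check(raw))
    except Exception:
        return False


def fail_open(check, raw):
    """Anti-pattern, for contrast: an error inside the check lets the input through."""
    try:
        return bool(check(raw))
    except Exception:
        return True


# Constructed sample path segments (not taken from any real request log).
SAMPLES = ["inbox", "report2006", "..", "%2e%2e", "%252e%252e", "%ff"]


def evaluate(samples=SAMPLES):
    """Return {segment: (deny_list, accept_list_fail_closed, accept_list_fail_open)}."""
    return {
        s: (
            fail_closed(deny_list_ok, s),
            fail_closed(accept_list_ok, s),
            fail_open(accept_list_ok, s),
        )
        for s in samples
    }


if __name__ == "__main__":
    for segment, verdicts in evaluate().items():
        print(f"{segment!r:14} deny-list={verdicts[0]!s:5} "
              f"accept(closed)={verdicts[1]!s:5} accept(open)={verdicts[2]}")
```

The deny list passes every encoded variant because it never sees the decoded characters, while the accept list rejects them, including the double-encoded one that still contains `%` after a single decode. The `%ff` segment makes the decoder raise, and only the fail-open wrapper lets it through.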


What are we doing wrong

May 16

I recently had a rant about us as developers not having a clue what we are doing. I want to try and narrow this down into a few areas that I think need improvement.

1. Testing. We don’t take a step back and look at different scenarios. Whenever I develop something it is to do a task and that is what I test. I never test a method to see how it reacts when different data than the scenario is added.

2. UI. I never make an application useable. It’s not because I hate the user but that my emphasis is on functionality. We almost need to look at the interface as requiring the most functionality and designing a good clean interface that is user friendly. I need to start designing programs thinking that the end user is going to be my grandma or something like that.

3. Data. My applications are filled with garbage data. I need to find a better way to put realistic data into my applications. One thing to be careful of is copying production data into development as this may violate privacy laws depending on where you live (seriously).

4. Load & Concurrency. I barely ever test my applications in high load situations nor do I test what would happen if two methods got run at the same time. I ran some tests on one application and was surprised at the number of deadlocks I got in the database (then again it might have been my testing tool)

5. Design. I really think most of us don’t know how to design an application. We all have different views and opinions (or are lacking in this department). I think we need to start looking at all the different ways of doing things and start to reach a consensus.

6. Client Interaction. I find that the client is not involved enough and is upset when they don’t get what they asked for. This is one reason I really like agile for having the client heavily involved in the development project.

7. Unit Testing. I have found this to be such a useful tool / practice. Since I started using it I have found that the quality of my releases has been higher in that there are few if any regression bugs and I feel more confident making changes to existing code. I really think that if you have not tried having unit tests of some kind in an application that you should.


Why I Hate oracle

May 15

I unfortunately keep running into places that need to migrate oracle or
I have had the unfortunate responsibility of teaching it. I absolutely
can not stand this product and I have a list why:

1. Cost. what an expensive POS.
2. useless junk. Oracle ships with tons of utilities that will never need to be used
3. Bloated install. Installs several apache instances / services I don’t need
4. GUI = the suck. I have never used such hard management tools
5. no good query tool. The query tools appear to be wrappers around their dos sql utility. It’s like microsoft word using dos’s edit command for an engine.
6. TNS Names. The only way to connect to a database is to setup a tnsnames.ora file that makes a name map to an ip, port, and service. Pray you don’t have a syntax error. Why not just have it so the client can connect to an IP? It makes no sense and is just another step.
7. Roles are sooo confusing. what’s a SysOper, SysDba, normal? why not just have a good permissions model
8. Client size. Just to download the client so that I can connect is 550MB. 550MB! That’s MegaBytes! glad I am not on dialup.
9. Support. I tried to email them but they don’t have an address on their site. I tried to call them but because I don’t have some CID number (or something like that) I can not get through the voice system. I press 0 over and over to get an operator and it just says “Thanks for calling” and hangs up on me.
10. 80’s style application. The application takes so long to learn and is so convoluted it reminds me of working on my Apple IIe (may it rest in peace). The GUI looks like a win 3.1 app and the steps required to do anything seem to take forever.

Now I know a lot of this is due to me not knowing a ton about oracle but software should be intuitive. I have learned the basics of a database in an afternoon but I have been playing with oracle (very rarely but still using it here and there) for the past 3 years and I still have no clue why anyone uses it when there are products out there that are comparable for a fraction of the price.

My recommendation to oracle is to keep the engine the same but build some tools that make a developer’s life easy. Make the install for both client and server as minimal as possible and then allow me to choose what I want. Make it affordable. Modernize the application and interface.

Oh btw Oracle has had a pretty crappy security record. Just now they released 80 patches for Oracle 10 in their quarterly patch cycle. YAY! 80 security holes in 3 months!

My other issue was Oracle 9i. It was originally called Oracle 9i Unbreakable as it was sooo secure no one could hack it. Security Researcher David Litchfield found high risk security holes in the application days after it was touted as “Unbreakable”. I could not find a count of security holes in the 9i database but I know it sure was replaced with Oracle 10 pretty quickly.


Code Camp Calgary Review

May 9

I decided to make the trip down to Calgary to check out code camp and I thought I would share with everyone.

WinFX – John Bristowe

Was a fairly good presentation about the new things coming out from MS.

Windows Presentation Foundation – Nice look at the unification of mfc, forms, directx but a little bit of overkill. I hate the idea of XAML (markups for forms). It’s cool to have 3D apps with animations but not useful in the business world. Users want fast, functional, easy. Users have a hard enough time with their coffee cup holder let alone a 3D animated interface.

Windows Communication Foundation – Was a quick talk about the new solution to client-server / ipc communication. I really like the idea of having all the security of com+, the simplicity of remoting, the durability of MSMQ, and the open contract base of web services (plus all the ws-* stuff added in). I wish the presenter would have had more time to go into it

Windows Workflow Foundation – Again a short and sweet look at how to do workflow via code. The solution MS has is great and is one of those new technologies I am looking for an excuse to implement. Workflow basically allows you to open a GUI and do a flowchart of your business process. You can delegate steps to code, have if/else statements, pauses. Best of all you can store the state of the workflow to a database and restore it at a later time.

Conclusion
Great overview of WinFX. Was exactly what I needed to see what was coming. I would have liked more technical info on it but time was a factor. I felt the presentation delivered exactly what I read in the bio on the seminar.

Session #2 AJAX  – Before and After Atlas – Kyle Baley

I have used AJAX a bit before and wanted to see what MS had come up with to make it easier. ATLAS for the 2.0 framework is awesome. I think it is a sweet way to do it and keeps things so easy for the developer. The presentation was a little slow covering AJAX which I did not like. Then moved to ATLAS which was cool to see. Then went into the next beta of ATLAS (I think) and languished and died. The topic could have been covered a lot quicker I felt. I am sleepy now.

Session #3 – Extending Enterprise Library Using AOP and SOA – A. van der Merwe & F. Downing

I have heard of AOP but no one seems to know how to do it outside of theory from what I have read. I thought it would be great but this is crap. I think they are just trying to sell their products to us. I really have no idea what is going on and from the bored looks around me I think no one else does. By the end I saw that AOP was implemented in their product but not HOW it was implemented.

Session #4 – TDD, Data Injection In The Data Access Layer – Jean-Paul Boodhoo

This is the talk I was looking forward to the most. JP gave a good (but fast) talk that showed a lot of great ways to keep the layers separate. I felt that he went too fast for most people not familiar with things like model view presenter, mocking, and some of the resharper generated code. He said that TDD development has shifted him away from the debugger as it is faster to write a failing test than to step through the code. Overall it was a great session that filled in some gaps for me but I worry that it was too fast and too complicated for others.

Session #5 – 20 Cool .NET Tools You Can’t Do Without

Ummm…. yes I can. Most of these items I knew of already and some of them I don’t like.

The ones you should know:
    Reflector, 
    Resharper,
    Nant,
    Nunit,
    Ndoc,
    FxCop
The ones I am going to look into:
    DxCore (a free API that makes creating vs plugins easier)
    PageMethods (I can’t describe it. Check the website)
    Typed Collection Wizard (the name says it all)

The ones I want to live without:
    CodeSmith (code generator)
    CodeRush – Like resharper but w/o refactoring (I just don’t like products I have to pay for I guess)
    Refactor! Pro www.devexpress.com  (supports VB) (again have to pay for)
    SnippetCompiler (Tool that allows you to open a window and run some code…. like the builtin command window in vs)

The Others (mainly ones that do not apply to most people’s situation or are difficult to use / install / configure):
    GhostDoc – nice tool for creating c# comments. based on naming of methods (apparently does vb and c#)
    TestDriven.NET – test with debugger is nice as it auto attaches to the process (can use ncover if right version is installed)
    WinMerge – file merging tool. Great for source safe merges
    Ncover – Code coverage
    MSBee – addin for Msbuild (vs2005) lets you target a framework i.e. 1.1
    CopySourceAsHtml – nice tool for people that blog
    Ndoc – API documentation generation tool
    NDepend www.ndepend.com shows assembly dependencies (good for deployment and shows usage in other assemblies)

Wrap Up

This is the first code camp I have gone to and there were some interesting talks. I wish that the sessions were a bit longer and a bit more technical in some of them but overall I am happy I made the trip. I was disappointed in the giveaways. There were about 10 books (5 of which were held up in customs), 5 crappy shirts, and 1 copy of dundas charts or reports or something. I like the free concept of a code camp so I guess I should not complain about the crappy giveaways. Well time for some Hockey Night in Canada. Should I run around Calgary yelling “Let’s go oilers!!!!!” ?


Dave’s 9 rules of Business

May 7

Here are a few of my rules for business. Some of these don’t apply to programmers but they are observations I wanted to share.

1. Business certificates can make a lot of money.
-For one they are usually gifts to people and either the receiver will not have a use for the item or else they will lose it. I have no stats to back this up but the number of unused gift certs out there must be high.
-The only issue is the cost of implementing a gift cert program. If the costs are minimal then go for it

2. If a customer is unhappy do whatever you can to make them happy

3. If a customer wants to leave and you can not make them happy then do everything you can to get rid of them. If you drag your heels on releasing them from something then they will complain louder and louder to not only you but their friends and clients giving you a bad name.

4. If a customer is constantly unhappy or trying to devalue your service, get rid of them. Clients that are a pain cost more money and take away time from keeping your good customers and developing new ones. Also the stress applied to you and your staff from negative clients is a real downer. My rule of thumb is if you do not pick up the phone due to the number on the call display get rid of them.

5. Charge what it is worth. I have cut my prices for friends and companies that are tight on cash and have always resented it. If they want a quality project then they should pay for it. This is why the term is called cutting your own throat and it is sooo accurate.

6. The first person to a market with a new idea will always succeed. If you come in second with an idea then no one will know about you. This is why mcdonalds, IBM, coca-cola are so well known and have the best sales even though their markets are ripe with competition. I have no idea why this phenomenon occurs only that everywhere I look it seems to be true. Basically what I am saying is that if you are copying someone else you can never expect to usurp them.

7. If you are working more than 8 hours a day to make ends meet you are not charging enough. Eventually you will burn out and get behind. Start charging more. If you only get one contract at double the price of 2 you will work fewer hours and soon be able to bring on more staff.

8. Good management knows what is going on. If you have employees keep in touch with what is going on. Even more so get to know them. Have them out for a beer after work. If an employee likes their manager they will be happier, not complain about money, and have greater job satisfaction. This is a key to employee retainment.

9. Don’t lie to your client to make them happy. If you tell your customer a project will be done in a week and it takes a month they will be upset. If you tell them it will take two months and you have it done in a month then they will be happy they got it so early. If you tell them it will take four months and it is done in one then they will feel that you charged them for four months of work but only did one. Lies seem to compound themselves until finally you have to come clean with your client. If you tell them bad news as soon as you can they will probably be a little upset but at least aware. If you tell them their project failed because of something you discovered 6 months ago you are going to lose a client.

10. (I know I said there were 9 rules but this one is really important). It is always your fault! If you run a company it is your fault that something went wrong. Don’t blame anyone else especially employees. Prevent the issue from happening again. Have your managers realize that it is their fault. Either there was not any process to prevent the issue or something got missed. It is your responsibility to prevent issues.
