This release contains some big changes.

Task Syntax

Gone are things like Run.[option].[option].Execute() and they have been replaced with Task.Run.Nunit(options=>options.specific.to.runner). This removes the need to remember to use .Execute() all the time (I was constantly forgetting and I wrote the thing). I am fairly happy with it so far.

Exampes:

Task.Build.Csc.Target.Library(compiler => compiler.AddSources(sourceFiles)
.AddRefences(thirdparty_rhino, thirdparty_nunit)
.OutputFileTo(assembly_FluentBuild_Tests));

Task.Run.UnitTestFramework.Nunit(nUnitRunner=>nUnitRunner.FileToTest(assembly_FluentBuild));

Task.Run.Zip(x=>x.Compress

.SourceFolder(directory_compile)
.UsingCompressionLevel.Nine
.To(directory_release.File(“release.zip”)));

FTP Publishing
As I mentioned in a previous post I added some quick and dirty FTP publishing. It only publishes a file at a time currently so its not a full fledged FTP publishing tool.

Errors
For a while I only had the error message publishing but I have switched that to include the full exception as it was problematic to find errors before. There have also been some internal changes to how return codes are handled from programs. If a third party program throws an error then FB will return an error code of 1, not the error code of the third part application.

Logger
The message logger code has been simplified a lot and will probably get another round of cleanup soon. It has been moved to Defaults.Logger for now but will probably get moved right into the BuildFile class you inherit from as that makes more sense to me from a user point of view.

Whats Next?
I am getting fairly happy with the application right now but I would like to do more testing before I release it. I will be tweaking a bit of code and adding some more functional tests to the build but I hope not to have any big changes for the next while.

Task.Publish.Ftp(x => x.Server(“ftp.server.com”)
.UserName(“username”)
.Password(“password”)
.LocalFilePath(@”c:\temp\test.txt”)
.Timeout(new TimeSpan(0,0,15,0))
.RemoteFilePath(“/html/”)
);

It only supports one file at a time and re-authenticates per request for now so uploading a folder structure is not recommended at this point. A more full fledged solution will be coming.

Task.Run.Zip(x=>x.Compress.SourceFile(“test.dll”).OutputTo(“test.zip”));
Task.Run.Executable(x=>x.PathToExecutable(“test.exe”));

Due to the scope of the change (and the fact that I have not switched to git yet), I have committed this code but there are still a lot more changes to be polished (and some namespace moves still to be done). I hope to have some time for further refinement and a ton of cleanup after this change in the coming week.

 
Option One: Generic run method
+simple to use
+expandable
-need to know what can be run (might be in one namespace)
-how do you handle executable return codes? (or other result objects)

Task.Run(Zip.Compress.SourceFile(“tests.dll”).UsingCompressionLevel.Ten);
Task.Run(Zip.Decompress.SourceFile(“tests.zip”));
Task.Run(Executable.Path(“test.exe”));
Task.Run(Debugger);
Task.Run(Nunit.Assembly(“tests.dll”));
Task.Run(MsTest.Assembly(“tests.dll”));

Option Two: Run narrows down choices then builders are used as arguments
+simple to use
+lets you know options available
+Allows for return codes for items that require it (or other result objects)
-much more language required to learn

Task.Run.Zip(Compress.SourceFile(“tests.dll”).UsingCompressionLevel.Ten);
Task.Run.Zip(Decompress.SourceFile(“tests.zip”));
Task.Run.Executable(Executable.Path(“test.exe”));
Task.Run.Debugger();
Task.Run.UnitTestFramework(Nunit.Assembly(“tests.dll”));
Task.Run.UnitTestFramework(MsTest.Assembly(“tests.dll”));
Option Three: Run narrows down choices to the most narrow point then builders are used as arguments
+simple to use
+lets you know options available
+Allows for return codes for items that require it (or other result objects)
+Intellisense would only give you one option for the arg to pass in
-Bit more verbose with the “Options” builders

Task.Run.Zip.Compress(CompressOptions.SourceFile(“tests.dll”).UsingCompressionLevel.Ten);
Task.Run.Zip.Decompress(DecompressOptions.SourceFile(“tests.zip”));
Task.Run.Executable(Executable.Path(“test.exe”));
Task.Run.Debugger();
Task.Run.UnitTestFramework.Nunit(NunitOptions.Assembly(“tests.dll”));
Task.Run.UnitTestFramework.MsTest(MsTestOptions.Assembly(“tests.dll”));
Option Four: Have a runners factory class that creates the builders
-need to know to do Runners.
+always know where to start (once you know to use Runners.
+simple syntax
-How do you handle executable return codes? (or other result objects)

Task.Run(Runners.Zip.Compress.SourceFile(“tests.dll”).UsingCompressionLevel.Ten);
Task.Run(Runners.Zip.Decompress.SourceFile(“tests.zip”));
Task.Run(Runners.Executable.Path(“test.exe”));
Task.Run(Runners.Debugger);
Task.Run(Runners.Nunit.Assembly(“tests.dll”));
Task.Run(Runners.MsTest.Assembly(“tests.dll”));

Let me know your thoughts or give me other options to make this simple and intuitive!

FluentBuild, is my open source fluent interface around doing builds. It has been coming along as I get time and it is almost to a place that I like it. I found the filesystem interface really became its own beast so I am spinning that off into its own library (https://github.com/GotWoods/FluentFs). I have a few remaining beefs with FluentBuild:

1) Having to append .Execute() to the end of a lot of the tasks. I always forget and I wrote the damn thing. I will be changing the interface around to more of a Task.Build(details go in here); I am thinking. This should make things simpler to me.

2) The calling out to external executables (which happens a lot) is not where I want it to be at. I am trying to find some time to revise this. My goal is to have a set of injectable processors that can analyze the output from the executable and determine what to do. This will allow for more fine grained control over how output is dealt with. Most of this should be transparent to the user but it will of course be extendable and simple to use.

So the roadmap to me is this:

1. Now that FluentBuild and FluentFS is split I need a way to merge it all back simply so that users are not dependent on two projects. It also guarantees compatibility.
2. Possibly migrating to github (I enjoyed the experience with FluentFS so FluentBuild may get migrated as well)
3. Removing the need for .Execute() on methods
4. Reworking the executable callouts.

So lots of work ahead of me on this but getting closer to what I want it to do. I have been using it on several projects and I feel that it is getting closer to a release.

I would like to thank all the people who have given feedback, patches, and bug reports for the project!

I have decided to drop out of Microsoft’s Most Valuable Professional Program. I have decided this for many reasons. Mainly I feel the program has no value to me and that MVPs are of no value to MS.

Experts

MS states how they have these “experts” in the community and that are involved in the products. While I have met some really smart MVPs I have also met some that are so out to lunch on things yet MS still considers them experts. To me this completely devalues the MVP program. I am definitely no exception to this. I am a MVP in developer security yet I don’t consider myself to be an expert. Interested yes. Expert no.

The way you get in is by contributing to the community. I had done lots of this and it was really nice to get recognized for it. Once you are in you are supposed to be this expert that provides feedback to the products that MS is building. Now this is where the program breaks down.

Products

Firstly most products you never hear about until it is too late. I hear about more MS technology from the mainstream media than I do from the MVP program. As a MVP who is supposed to be like an insider I thought that they would be looking to us for feedback on these technologies. But they don’t. They will take it after the product is released though but by then there are usually too many issues with the technology to be overcome.

While some products are great there are a big few that still irritate me:

 TFS is garbage if you have used anything else. I should never have to struggle to get things under source control as much as I have with this product. I should never have to struggle for days/weeks to install it. I should never have so much trouble configuring it or applying checkin policies. If any MVP worth their salt was asked about this then MS should know this.

MSBuild is another failed technology to me. It does not come close to the power of Nant so if I am going to pay the XML tax I will pay it with Nant. I will say that it is nice that proj files are msbuild files yet whenever I have had to customize my builds with MSBuild I want to hurt myself. At first I thought it was the learning curve but to me the product just does not meet my needs. Again if an MVP that uses a build technology was asked then MS would have known about this.

MSTest also missed the mark to me when they said it was not geared towards people who do TDD. Really? No one else does TDD? I am the only MVP that does? I think not.

The big one that continues to bug me is Entity Framework. At the ‘08 MVP summit a lot of the MVPs that saw it before it was announced pointed out the serious issues it has. At the ‘09 summit we were excited to see the improvements they had made but instead we were shown the same crap that was the ‘08 entity framework. This spawned off the Entity Framework Vote Of Non Confidence and finally in ’11 we have some of the changes that we said were so needed in ’08. Good job valuing the input of the people that actually have to use the crap you put out.

MS “Listens”/”Cares”

To me it seems that MS having MVPs is a way for MS to feel that they are in touch with the community at large. This is great for a company to do but it seems like the feedback that is given falls on deaf ears for many products. I am not saying that this is for all products though as some do really care about feedback. For the most part though it feels like any feedback given just falls into a void. When I asked for some contacts for TFS/MSBuild/MSTest I was told to send my feedback to my MVP lead and they would forward it on…. Because that is open. You want MVPs to be involved yet filtered (I felt anyways). I have had more interaction with MS staff by tweeting things that I have through the MVP program.

The other big issue I have with MS in general is being treated like we will jump through hoops to help them succeed. There have been a number of “tech x is launching in a few weeks so build something” so we can showcase it emails I have received. Well that is great but how am I going to build a good app on a new technology with little documentation and no access to anyone at MS who can give me some accurate answers to issues? I understand that MS staff are not there to troubleshoot my application but on new/unreleased technology it would be good to have some sort of access if only an internal message board.

There are some internal lists at MS for MVPs as well. I found out about the security one after being a security MVP  for OVER A YEAR. Now that I am on it…. Not much happens. There is little in the way of solicitation for feedback and there is little feedback provided. I assume this is because the security space is pretty quiet but then I am surprised to see things at the summit that I had no idea were being developed.

The most surprising thing to me was when I told my MVP lead that I was not interested in participating in the program. The response was: “No problem.  Thanks for letting me know Dave.  Good luck in the future”. I expected maybe a bit more of a “Why?” response but I am not surprised that MS does not care about what other people think. Maybe, because I have become harder on MS that they are happy to be rid of me. Who knows.

Maybe I am being hard on the program. Our MVP lead is great and tells us that whatever we need he will make happen. Great but how about you let us know some of the things that you can do for us? If you want something like WP7 to succeed get more than 5 dev phones and let us know you have them if we want to build applications. If MS is thinking of a new technology solicit the MVPs for people that use or have an interest in the new tech and get their feedback at the START of development instead of at the end.

Rewards

The MVP award is given to those that contribute to the community. I enjoy doing this and I will continue to do this whenever I can. Unfortunately it costs a lot of time and money to contribute to the community. If I give a talk I have spent 40 to 200 hours preparing (yes 200 hours on a 1 hour talk) plus the costs to travel to another city, food, and accommodation.  MS’s reward is a MSDN subscription and half of a hotel room if I attend the summit (there used to be more benefits but they have been rolled back to save costs). It would probably be more affordable for me to purchase an MSDN subscription on my own and stop speaking entirely. I have gained no additional work from the MVP program, no additional speaking gigs, and have not made relatively few connections to others because of the MVP program.

Fin

The program has become a black mark to me. It does not contain just experts (heck, they let me in). It does not certify that anyone has a clue about anything (and some of the MVP only lists prove this). It has not opened any doors for me. It does not help me stop MS from releasing crap that I have to work with. All it does for me is give me an MSDN subscription and another line on my resume.

1. We have realized that network security is important. Every organization I visit seems to have a firewall, antivirus, and windows updates turned on. Ten years ago it was every computer was connected straight to the internet with an exposed c$ share it seems like. Finally most corporate (and many home users) seem to have taken some basic security measures.
2. Users still click on anything that pops up on the screen until they get the application/website to work. I have tried to educate people on this but it has become apparent to many of us in the industry that users just want things to work and it only when they go wrong that they care. For instance, my parents install every plugin they are prompted to as they feel that if it was bad their antivirus would catch it. I don’t fault them for it, it is just human nature. We expect the locks on our house to keep people out when it is simple to smash a window (or cut a hole in the wall). We are coming around the corner on this one and seeing that we can’t educate everyone and things need to just be more secure by default and leak less information.
3. People care a lot more about their privacy now. People also don’t realize that most places gathering information don’t care about you as a person, they care about you as a demographic. Granted it is not a happy thought to know how much info about you is floating around but if it personalizes my searches and shows me advertisements for things I am interested in so what? It is only an issue (to me) if that information is used for nefarious purposes.
4. Many more technologies are shipping with a more “secure by default” mentality. The *nix/bsd attitude has been like this since I can remember and Microsoft has really turned a corner and secured their products. I remember when a new client would tell us they were running an IIS server and we would just laugh, wipe the box, and install FreeBSD/Apache for them. Nowdays I only laugh when people have an Adobe product installed (we all do… so ha ha). Adobe has realized that this is starting to hurt them and are making a big security push like MS did years ago.
5. Schools have not taught about security and they still don’t. I see a bit of growth in this area but I feel this is incredibly lacking. Every time I give a presentation and ask how many people don’t know about SQL injection someone still raises their hands. It is not acceptable to have developers that don’t even know about the most basic/common security holes and how to prevent them. It is like hiring an electrician that does not know how to use a circuit breaker: they might get by for years without an incident but it is bound to happen eventually.
6. Phishing/scams/chain letters has risen and fallen a lot. I find most people I talk to realize that people are trying to scam them (or will ask others to see if it is a scam) and that they know if they don’t forward this message to ten other people a kitten will die (except for my sister). 
7. Piracy became common place. Back in the day it was technically difficult to find the software/music/movies and then crack it if necessary. Now my grandma can run a P2P client (or the vast array of other tools) to get her favorite songs. It is common place and it is sad. Not because I love big rich Hollywood types that complain about the money being stolen from them as they drive through Starbucks in a gold plated Bently. It is the fact that for such a huge market that they continually fail to make it simple to get the content we want quickly, conveniently, and be able to use it how we see fit. If I ran an ice cream store and everyone wanted paint flavored ice cream served off a piece of copper pipe you would see me at the hardware store every day. I think they are starting to get it and I hope to see some progress there so that everyone is happy (except me…. until I get a gold plated Starbucks).
8. The goal of software development was and still is for the most part to deliver working software. Security takes a huge back seat and is almost never a first class citizen. I don’t see this trend changing much. The nice thing is that many languages are shipping in a more secure configuration which helps developers not leave as many gaping holes but I still feel that education is very important for developers.

TeamCityPlugin
This is a plugin that I wrote that allows TeamCity to work with FluentBuild. TeamCity plugins are written in Java and I am not a Java developer but it seems to work quite well in my environment(s) so far but I am still not 100% confident to officially release it.

BuildFileConverter
For my testing I was converting peoples NAnt scripts by hand and it started to get pretty tedious. I decided to create a really quick and dirty converter application. The application works fairly well to get the initial conversion from nant to FB. It will create your variables (and attempting to determine if they are BuildFolders or BuildArtifacts), initialize them, and create methods for each build target that you had. It does not parse build targets and convert them to FB syntax yet though.

BuildUI
I always found reading output on the command line was a pain so I started working on a UI component to run builds. It is in its very early stages but it is much nicer than using most command line applications I hope.

Where these features will go, I am not sure but if you want to play around with them then feel free.

FluentBuild is a .NET fluent language around builds. It makes doing builds way easier than in Nant, MsBuild, and (in my mind) other build languages. With it you can now write a build file in C# (other language support on the way) within visual studio which allows you to get intellisense, refactoring support, and you are even able to debug your build files.

The project site is http://code.google.com/p/fluent-build/

I just finished putting together a demo video. I recorded my screen at high resolution so full screen viewing is recommended and the volume recorded a bit loud so turn down your speakers to start.

WCF has a huge security component to it (as rightly it should). The technology is massively configurable to support almost any security scenario one can dream up. Unfortunately this also makes it massively hard to learn and implement successfully and many developers tend to work around the security rather than learn how to implement it correctly. With a bit of knowledge WCF security is not nearly as intimidating as one may think.

There are several security concerns to deal with in any communication technology. The top two most common concerns  are: making sure that no one can read, modify, or replay a sensitive message and ensuring that a caller is authenticated  to use the system and authorized to access the resources they are allowed to access (and denied access to the ones they are not allowed to access of course). The other concerns are usually around Availability (i.e. making sure the service is resistant to Denial Of Service attacks) and Auditing (being able to log and monitor security events).

Message Protection

Protection of the traffic in transit is easy to use and is typically turned on by default (basicHTTPBinding has no security by default). There are two choices to make with securing traffic: Transport or Message security. Transport security relies on security builtin to the protocol you are using (e.g. HTTPS for HTTPBindings and TLS for TCP bindings). Message security lets WCF sign and encrypt messages and then sends it across the transport.

Transport Security:
+Interoperability: Neither party in a communication need to support WS-Security specifications
+Potentially better performance
-Security is point to point. If a message is routed through an intermediary it will not be guaranteed to be secure (i.e. many load balancers accept SSL traffic, decrypt it, and send it unencrypted to a node in its array)
-Supports a smaller set of credentials and claims used for authentication
-All or nothing: A message is either encrypted or it is not

Message Security:
+End to end security: message security survives being routed through intermediaries
+Allows partial message signing/encryption so that only messages that need protection can be protected
+Transport independent: Message security can be used with any transport protocol
+supports a large set of credentials and claims
-May reduce performance as each message is secured and can not take advantage of hardware acceleration
-Not as interoperable as both sides must implement the WS-Security specification

There are also a few other approaches as well. There is the hybrid TransportWithMessageCredential which the client credentials are provided at the message level and the remainder (the message itself and service authentication) is secured by the transport. The other type is TransportCredentialOnly which is ONLY for basicHTTPBinding that does mutual authentication at the transport level.    

From http://msdn.microsoft.com/en-us/library/ms731172.aspx

Up Next: Authentication