Bill Evjen's Blog

Ever want to get information for a reliable source then find what you need in a book but really not that interested in buying the entire book? Well, that is the type of customer Wrox is going after with the introduction of their new "Chapters on Demand" service.

You are now able to purchase individual chapters as a PDF file. Looking at the site, you will also find a lot of free chapters made available as well. Rather interesting to see how it goes - some people will love it and others will not.

Funny for me is that I still love to read so much on paper that I even still print out longer articles on the web to read/highlight/etc. I have a tough time getting into a long read of something on the screen .... maybe because I'm getting older now. ;)

Seeing so many others go on and on about how great Twitter is, I decided to give it a try. You can now find my link at http://twitter.com/billevjen. You can now follow me as I twitter (or however you term it). Enjoy or tune out.

I just noticed that our $60 book is on sale at Amazon for $16.49 USD! Crazy price. Grab it while you can.

Two of my latest books just hit the market - Professional C# 2008 and Professional Visual Basic 2008, both from Wrox.

The back cover of the C# book is as follows:

Updated for .NET 3.5 and Visual Studio® 2008, this book is the ultimate guide to C# 2008 and its environment. Beginning with a look into the architecture and methodology of .NET, the team of superlative authors explains why the C# language cannot be viewed in isolation, but rather, must be considered in parallel with the .NET Framework. After gaining an understanding of the foundation of C#, you'll then go on to examine the fundamentals of C# programming with each successive chapter.

New examples provide helpful explanations on how to use C# to solve various tasks. Plus, completely new chapters on LINQ, SQL, ADO.NET entities, Windows Communication Foundation, Windows Workflow Foundation, Windows Presentation Foundation, arrays, system transactions, tracing, and event logging all deliver essential information to help you gain a clear and thorough understanding of all that C# 2008 has to offer.

What you will learn from this book

• How to write Windows® applications and Windows® services

• Ways to use ASP.NET 3.5 to write web pages

• Techniques for manipulating XML using C#

• How to use ADO.NET to access databases

• Ways to generate graphics using C# 2008

• Numerous C# add-ins

• How to use LINQ to easily work with your SQL Server databases and XML

Who this book is for

This book is for experienced developers who are interested in learning the latest version of the number one developer language: C#.

Wrox Professional Guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.

The back cover of the VB book is as follows:

The 2008 version of Visual Basic is tremendously enhanced and introduces dramatic new concepts, techniques, and features to this popular object-oriented language. Written by an elite author team who are sympathetic to the challenges of learning VB 2008, this comprehensive book provides a clear and concise approach to using VB 2008 in the ever-expanding .NET world.

This book focuses on using the latest and most powerful tools from the Microsoft arsenal within your Visual Basic solutions. Looking closely at LINQ, AJAX, a new Visual Studio® and more, you'll be able to take lessons from this book and apply them to what you are doing today. You'll examine everything from the .NET Framework to the best practices for deploying .NET applications to database access and integrating with other technologies, such as COM and XML.

What you will learn from this book

• The core elements of VB 2008 as well as full syntax of all the new additions the language offers

• Ways that the Common Language Runtime (CLR) is responsible for managing the execution of code compiled on the .NET platform

• How VB is used in the creation, installation, running, and debugging of Windows® Services

• How to work with the new SQL Server® 2008 along with your .NET applications

• The many features of Windows Forms and Windows Presentation Foundation

• Ways to take advantage of the abilities of LINQ

• The new web technology introduced by SilverlightTM

Who this book is for

This book is for experienced developers who are looking to transition to the latest version of Visual Basic.

Wrox Professional guides are planned and written by working programmers to meet the real-world needs of programmers, developers, and IT professionals. Focused and relevant, they address the issues technology professionals face every day. They provide examples, practical solutions, and expert education in new technologies, all designed to help programmers do a better job.

It is quite easy to say that the IT world is a diverse world. For instance, it is quite rare that you would find an enterprise that is built upon a single vendor’s technology stack. Instead, you most likely find that a company is made up of a patchwork of systems. Some of the systems are based upon UNIX, some Microsoft, and some others (sometimes items that are considered legacy).

A company’s software and data repositories are something that grows quite organically over time. Usually you will find that a company’s systems not only grow organically, but they also start and finish at different times and under different editions of a company’s specifications. One year a company might want everything based upon Oracle, while the next (usually coming with a new wave of management) the company might want a company’s groups to build with a Microsoft SQL Server backend.

Another problem you will find in larger organizations is fiefdom. Groups are divided by divisions, vertical groups, horizontal groups, internal systems, or external systems. Your organization might be made up of numerous groups found in quite different parts of the world. If this is the case, you are generally going to find that many of these groups tend to work independently and under their own guidance.

If this sounds familiar, then you are in need of getting your firm to work towards an SOA, also known as a service-oriented architecture.

It is no doubt that you have seen the term SOA plastered almost everywhere these days. From magazines, to blogs, to books and more, you will find people are all buzzing about this new way of designing your solutions. With that said, what does it really mean?

You will find a lot of articles out there that define the reasoning for moving to a service-oriented architecture, but you will find very little out there that talks about how you should go about taking your first steps into this new world. You will also find many companies out there that are offering solutions that they say provide you with the SOA that you are looking for in your organization. What they are offering are software solutions whether that might be an enterprise service bus or something else. Let me just say, that there is no magic bullet to getting an SOA going. Instead, I will promote to you a combination of things that you can do to get you on your way to building an SOA that makes sense specifically for your situation.

Some of the steps might work for you and your organization, while others may not. It is not mandatory that all the items defined in this document are followed through to the letter, but from my years of experiences in getting large organizations with disparate systems to work together – these are the steps that helped me on my way.

Doing this is good for your business. You want the data and services that you firm offers internally or externally to make it more easily out of their silos so that they are more quickly and more intelligently accessed by the people, groups, or systems that need it.

Now, onto the steps you can take to bring your company to an SOA.

STEP 1 – Focus on Message-Based Activities

The important point of disparate systems is that they are required to communicate by requesting information as well as providing information or services themselves. These communications happen over protocols within a company or out there on public networks.

In building the processes of communicating messages, it is important to remember that your messages have to deal with the same issues as any program you develop. This means that you most likely have to deal with an authentication and authorization process, managing state, encryption, compression, and more. To help you in this process and make your messages as reachable as possible, a fundamental idea to understand is that messages and all the activities they perform need to occur and be message-based rather than protocol- or hardware- based.

This means instead of relying on HTTP to provide any steps related to the authentication and authorization process, routing, or encryptions – that you look to see how you can accomplish the same tasks through some type of encapsulation in the message itself. This gives you a lot of power if you choose to follow this important principle.

This means that instead of locking down your services by using SSL (thereby using HTTPS), you put the security aspects of your process in the message itself. This allows the security that needs to be applied to be contained within the message, thereby allowing the message to route and be placed on any protocol you want.

The first and most important gain in this is in the ability to transcend protocols as messages flow through the organization or even out to our customers and partners. This allows you to move messages from HTTP to TCP or even to proprietary back-end protocols as a message routes through a system. This also allows messages to be stored in some fashion – also storing a message’s metadata, security, encryptions, and more. There is too much power in this model. If you follow this one important step, this adopted model will cause many other questions to fall into place along specific paths.

STEP 2 – Dependency on SOAP

It should be stated that a fundamental structure of your messages you should agree upon is SOAP. There are many people in the world that say they building web services, but when you start talking with them, you find out that they are using proprietary XML and sending that over HTTP – nothing more. Instead, you will want to use a standard in how your messages look. This means using a defined schema and there is not a better schema in the market at this point in time than SOAP. However, it should be pointed out that there are other schemas out there that might suit your company’s needs. Currently the only one of any attraction in REST.

When using SOAP, you also need to commit to use the two defined areas of the SOAP envelope correctly. This means that the SOAP body can only contain items that directly relate to the message consumption – input parameters and output values. The other part of the SOAP message, the SOAP header, is the area of the SOAP message for any metadata pertaining to the message. This means that the SOAP header is the place to store security credentials, routing, encryptions, timestamps, digital signing management, and more.

The other item to make note of is the version of SOAP that is used. Presently, a majority of the world is working with SOAP 1.1, while some of the world's vendors have started offering SOAP 1.2 capabilities. All interfaces within your organization should (in the minimum) provide a SOAP 1.1 interface for quite some time to come. However, this requirement does not stop the ability for a development team to also provide a SOAP 1.2 interface. This only means that in addition to the SOAP 1.2 interface – a SOAP 1.1 interface will also need to be present. It should be noted that building web services in a Microsoft development environment would provide both a SOAP 1.1 and 1.2 interface automatically (unless it is turned off through configuration).

Another interesting note is that the future Windows Communication Foundation (WCF) does easily allow you to build a service once and make that service available via HTTP and TCP as SOAP through configuration.

STEP 3 – Security for Services

Security is always the top of everyone’s list as far as what should be dealt with in regards to a service-oriented architecture. Security in what I discuss here is to mean the ability to provide a user context (a set of credentials or token that represents a user for a set period), digital signatures, in addition to content encryption.

When looking at the security of web services within your organization – there should be two models – one for internal services and another for external services.

Internal services are services that are only offered within your organization and never make it out to the customer. These services are not offered over the public Internet and are always considered to be on a trusted network. This means that credentials are not in many cases required to be fully encrypted and therefore allow for the maximum in performance.

On the other hand, external services are services that are offered to clients over the public Internet and therefore the highest levels of security are offered to your customers. Though slower in process, security trumps performance in many cases

In focusing on internal services, the big question is whether to use WS-Security or not. There are good arguments for using WS-Security and, in my opinion, some arguments not to. If your organization is in control of both endpoints, there is little reason to use this security schema. Implementing and consuming services that are expanded using WS-Security are slightly tougher to build, consume, and simply understand when compared to building services where you control the structure of the security context representation. If your goal is to make your messages as consumable as possible for development staff that is at all levels in ability and on a multitude of different platforms, then using WS-Security is something that might be overkill. Especially for internal services that are working from database of records, you need to remember that there sometimes is value in having a certain level of trust in your organization. The more limitations you put on the movement of messages, the less they will flow.

External services should be treated differently. In addition, you should really try to avoid having external services work directly with your database of records in the backend of your environments. Instead, you should focus on passing external requests through intermediaries (other services or class libraries) thereby allowing you to move from more secure enforcements to less as the message moves up the chain.

STEP 4 – Compression

If you are sending SOAP documents over protocols such as HTTP, you will quickly realize that XML can get rather bloated. It will not take long to realize that you might need to do something in order to effectively move your messages around the enterprise.

To counter this problem you are going to want to compress SOAP messages in either the request or the response. Even better would be to compress both the response and deal with compressed requests that come to your services.

There are a couple of approaches, but it really depends on the vendor platform you are working with. In all cases, you are not going to want to have an absolute rule that messages will either need to be compressed in either direction as not all participants in your SOA are going to be able to comply to these kinds of absolute rules.

Microsoft’s WCF can deal with the compression of SOAP messages in either direction, while using IIS to compress SOAP responses from ASP.NET is also allowed – but you will find that it doesn’t deal with a compressed SOAP request from the client. gSOAP for C++ is also another web service platform that can deal with both compressed requests and responses.

STEP 5 – Binary Attachments

Moving your data and services around the enterprise is not only about moving ASCII text, but it is also about moving binary objects whether those objects are Excel documents, other Office documents, pictures, blobs, or more.

There are a couple of options in how to deal with sending binary objects. The first and easiest approach is to base64 encode your objects directly into the SOAP body and send that to the consumer. The consumer will have to do some work to take the value from the body and turn that back into the object they want to work with.

A better approach is to adopt a standard that is more tuned to dealing with binary attachments. A few years ago, I would have said to use DIME for your binary attachments, but today, you are going to want to turn to MTOM (http://www.w3.org/TR/soap12-mtom/).

There are many vendor technologies that support MTOM and it seems to have taken hold by all the major camps and will be something that you should make use of when moving your binary objects around the enterprise.

STEP 6 – SOAP Faults

Errors happen and an exception is represented as a SOAP fault. A SOAP fault is a specific format defined in the SOAP specification in how messages should appear if the message is an exception. Your organization should come together and define fault codes that are the same across the enterprise. You want a timeout exception to be the same in your organization no matter where in the organization this exception is thrown. This will make the lives of your consumers easier. Trust me.

STEP 7 – WSDL and XSDs

A SOAP interface is defined by another XML document – a WSDL document. You are going to define all your interfaces using a .wsdl file. In addition to the methods being defined within the SOAP document, you are also going to want to define the types that are passed in and out of the services through one or more schema documents (.xsd).

Working with schema-defined objects is the approach you should take rather than any type of string-based input. Do not fall into the trap of thinking that XML is nothing but a string. XML is a representation of objects being transmitted or stored. Your XSD documents define your objects and the WSDL documents define the interfaces that use these objects. This is an important rule to follow and one that many people that really don’t understand the value of XML abandon.

STEP 8 – Timestamps

In exposing sensitive data, you are going to want to include more than a username/password combination in accessing these services. You are also going to want to include a timestamp within the token or within the message in some format. This timestamp will allow you to invalidate messages that are considered expired.

STEP 9 – Encryptions

In moving messages from one location to another in your enterprise, there are portions of the message that might not be for every prying eye. For this reason, you are going to want to deal with partial message encryptions. You should not encrypt entire communication lines (like using SSL), but instead, you are going to only want to encrypt the portion of the message that is considered sensitive. That leaves the rest of the message to be worked with as a message might be routed around the enterprise.

Technologies like WCF and WSE (also from Microsoft) do allow for you to partially encrypt SOAP messages).

STEP 10 – Versioning

Usually, when you publish a SOAP interface, that interface will be around for some time to come. Other teams or products will build to that interface and will not be able to deal with you changing the interface or moving it to a new location.

For this reason, you are going to want to deal with versioning your web methods. One method of doing this is to name your service with a trailing _1_0 or _1_1 to define the version. This means you might have the following web methods:

• GetCustomers_1_0()
• GetCustomers_1_1()

This will allow other groups to easily understand what services they should use and how to migrate as well. All versioning within an organization should be done in the same manner. You are not going to want different teams defining different ways of applying versioning to services.

Working on these steps within your organization will allow you to start yourself on your path to an SOA. It is not too hard and only takes the core teams getting together to agree on the approach. Using these steps as your starting model will quickly get you on your way.

I was looking at the site Visual Studio Gallery at what was available as plug-ins for the new VS2008. Here are some that I know are cool and others that looked rather promising:

PowerCommands for VS2008

This seems to be the most viewed one and it does add a lot of quick and easy commands to your right-click menus. Commands include quite a few include Open Containing Folder and Open Command Prompt. Nice one.

Source Code Outliner

Look at your code in a treeview to easily access methods, properties, etc. Nice navigation tool over your code.

GhostDoc - One of my favorite documentation tools that I have been using for many years. Right click on your methods and objects to document them quickly and easily.

WCF Load Test - From Microsoft - if you are working with WCF, you of course want to load test your methods. This looks easier than using ACT or something similar.

XSLT Profiler - NEW from Microsoft - The XML team has provided this tool to help you with your XSLT transformations. From them:

"XML Tools team has released the XSLT Profiler Addin for VS 2008 - a quick and reliable performance analysis profiler tool that assists in the development and debugging of XSLT documents. The XSLT Profiler Addin for VS 2008 allows developers to measure, evaluate, and target performance-related problems in XSLT code by creating detailed XSLT performance reports. The XSLT Profiler includes a wealth of useful hints for XSL and XSLT style sheet optimizations, which are essential for XSLT-based applications that demand maximum performance.

If you need to develop reliable and robust software, the XSLT Profiler is capable of detecting the performance errors and defects in coding so that they are corrected at an early stage in the development. This is essential in reducing the overall cost of developing software applications. The XSLT Profiler tool is fully integrated into Microsoft Visual Studio 2008 to provide a seamless and approachable user experience, combining several Microsoft technologies, including Microsoft XML Editor and XSLT Debugger, Visual Studio Team System, F1 (Performance Suites), and more. "

FSharp - Oh Yeah!

Ankh SVN Plugin - For those that don't like Tortoise and want something that reminds them of the old days of VSS.

I was, for a moment, brought back to my childhood when I heard that Dungeons and Dragons Founder, Gary Gygax, passed away.

There was an interesting article on Slate (more of like a commentary) on the author's thoughts back to his childhood and D&D play. I myself, remember that I was really into the game as a geeky twelve year old. I wasn't that good at basketball even though I was pretty much the tallest kid in school. I was rather odd looking and really found my in-crowd playing D&D after school with a small group of friends (around 6 of us). The geekiest kid in our school was the leader of this gang but I was always convinced that he was modifying his characters in the evening to make them bigger than they were. Then there were the moments of trying to convince my mother that buying me some of the devil looking rule books was something I really needed her to do .... uuuuggggh. Fun days.

The new edition of the Wrox ASP.NET book is officially on the shelves today! Amazon received their shipment and it is now in stock for a CHEAP $34.64. My co-authors, Scott Hanselman and Devin Rader, revamped this book and added quite a number of new pages to deal with the new features from AJAX to IIS 7 to LINQ to this book. We really focused on helping the ASP.NET developer understand the tools, APIs, controls, and environments at their disposal for this release. ASP.NET is, in my humble opinion, one of the coolest, most exciting, quickest, and secure ways to present your applications. The technology keeps changing and adapting to the changing market place. We use this technology heavily at Reuters and at Lipper (www.lipperweb.com). Let me know what you think of the book. One of the nice things about this book and one of the big differences you will see in this book over others is that we cover everything in short and to the point examples in BOTH VB and in C#. We do not say that the book is in both and then point you to a separate download for the code in the language that didn't make the book (as most other books do).

You have a host file found at C:\Windows\system32\drivers\etc\hosts that allows you to specify IP addresses and their mappings to a URL. For instance, when you type in http://www.reuters.com or something similar - you are actually going to an IP address (216.35.67.135) that is mapped using a DNS server somewhere. Sometimes you are not going to want to do the DNS lookup, but instead use a specific and known IP address when a URL is typed in within your browser or if your application is using URLs to surf the Internet.

Opening the host file in Notepad, you can make these mappings yourself. By default you will find the following in the file:

# Copyright (c) 1993-1999 Microsoft Corp.
#
# This is a sample HOSTS file used by Microsoft TCP/IP for Windows.
#
# This file contains the mappings of IP addresses to host names. Each
# entry should be kept on an individual line. The IP address should
# be placed in the first column followed by the corresponding host name.
# The IP address and the host name should be separated by at least one
# space.
#
# Additionally, comments (such as these) may be inserted on individual
# lines or following the machine name denoted by a '#' symbol.
#
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host

127.0.0.1       localhost

This shows only one entry - localhost. This means that when you type http://localhost/whatever you will actually be routed to 127.0.0.1 (which is the IP address of your local machine without leaving the machine). One nice trick is that you can change this to something like the following:

127.0.0.1        m

Now instead of typing in http://localhost ... you can now use http://m. Also, getting the IP addresses of sites you frequently type in, you can do something like the following:

66.35.250.150   s        # slashdot.org
216.239.39.99   g        # google.com

Here, typing in 's' will take you straight to Slashdot.org (the pound or hash symbol signifies comments). Typing in 'g' will take you to Google.com. Probably one of the coolest features you can accomplish with this host file is that you can route all requests to advertisements on a page to your local machine. This means that instead of your computer making a request to get the ad (usually a .gif or .jpg image) you computer will simply route the request to the local machine (thereby really never making the request). This will improve your browsing performance. So, for instance, take a look at the following:

127.0.0.1 adserver-2.ig.com.br
127.0.0.1 adserver-3.ig.com.br
127.0.0.1 adserver-4.ig.com.br
127.0.0.1 adserver-5.ig.com.br

So when a page is instructed to make a request to adserver-2.ig.com.br for the advertisement, you computer will instead make the request to the local machine - thereby not producing the ad on your computer. Obviously this would be a lot of work to compile a list of advertisement URLs - but you can find a complete list to put in your host file at http://someonewhocares.org/hosts/. This works on most Windows machines, including Vista. Enjoy a better surfing experience!

Though just rumors at the moment, there has been some talk in some computer journals that they are hearing that Vista's Service Pack 1 is going to be released in the next few weeks. One reported that Microsoft is aiming for February 15th for the *much anticipated* release. I, myself, have seen these rumblings in both Wired and Computer World magazines.

Though the RC1 build has been out for some time, I have always been rather wary of installing a beta or an RC build of a service pack. I really worry about uninstalling such a beast and what does that do to the final install that you make. I am really a believer that you should only be working with beta versions of service packs in virtual images that can be blown away.

I can't tell you how excited I am to be getting this service pack - as many others are for sure. I once heard that this service pack includes fixes for more than 25,000 bugs. Wow.