Tuesday, December 27, 2005

Notes on Application Designer in VSTS

You can have only one application diagram in your solution because it describes the overall structure of the solution in terms of interconnected applications. However, a solution can have multiple system, deployment, and logical datacenter diagrams.

Some of the Microsoft-provided application types support a full round-tripping experience with code—notably ASP.NET applications and Windows applications. That is, changes made to code are reflected in the designers, while changes made in the designer are reflected in code.

The ASP.NETWebService prototype is in effect an ASP.NETWebApplication prototype that has the Web content endpoint removed and a Web service endpoint added for your convenience.

Applications communicate through endpoints, and for two applications to be connected together, there must be a provider endpoint at one end of the connection and a consumer endpoint at the other end.

Adopted from Tony Loton's article Introduction to the Visual Studio 2005 Application Designer, Part 1

Distributed System Designers in VSTS

The Visual Studio 2005 Team Architect edition provides four visual designers collectively known as the Distributed System Designers. These four visual designers are:
  • Application Designer
  • System Designer
  • Logical Datacenter Designer
  • Deployment Designer

Application Designer allows you to define the applications that comprise a distributed system. You can then use those application definitions in System Designer to compose applications into deployable systems. Following this, you can evaluate system deployment using Deployment Designer.

Independently, Logical Datacenter Designer allows you to define a logical representation of the target datacenter in which applications (composed into systems) will be deployed. Consequently, Deployment Designer takes as input not only a set of system definitions from System Designer, but also a set of logical server definitions from Logical Datacenter Designer.

Adopted from Tony Loton's article Introduction to the Visual Studio 2005 Application Designer, Part 1

Some Tenets That the Agile Alliance Agrees On

Here are some tenets that the Agile Alliance agrees on:
  • Individuals and interactions are more important than processes and tools
  • Customer collaboration is more important than contracts
  • Working software is more important than comprehensive documentation
  • Responding to change is more important following a plan

I know several interpretations of the tenets that the Agile Alliance agrees on. I like this one the most. This one is adopted from Richard Hundhausen's book Working With Microsoft Visual Studio 2005 Team System.

PM Skills

Chris Sells posted some excellents points on PM skills. The following are some highlights:

PM Skill #0: Know Your Job
PM Skill #1: Communicate, Communicate, Communicate

A PM's job is to ship the right thing on time and on budget, while keeping your team happy.

Read more details from his posts.

Monday, December 19, 2005

Notes on Billy Hollis's Talks

I read quite a few Billy Hollis's articles from VB.NET columns, but I never meet him in person until this "P & P" summit. He gave two talks at "P & P" Summit : "Smart Client Case Study" and "Re-engineering to support workflow." Here are some notes from his talks:
  • If we try to convert a legacy system to an .NET application, read his slides first for the lessons he learned.
  • Declarative programming is what you want whenever possible
  • Deal with developers who are not familar with .NET programming
  • Workflow = Work + Flow
  • Service Broker is the best for "Work"
  • BitTalk is good for "Flow"

Benefits Of LINQ

The follow are benefits of LINQ:
  • Unified querying of objects, relational, XML
  • Type checking and IntelliSense for queries
  • SQL and XQuery-like power in C# and VB
  • Extensibility model for languages / APIs

Taken from Anders Hejlsberg's slides.

Exception Policies

The following are some “Exception Policies” from Patterns & Practices:
  • Exceptions of type ApplicationException should be logged
  • Exceptions of type SqlClientException should be caught and wrapped with an exception of type DataLayerException and re-thrown
  • Exceptions of type SecurityException should caught and replaced with an AccessDeniedException which will be thrown

Adopted from Tom Hollander's slides: Enterprise Library for .NET 2.0:Architecture & Lessons Learned.

Sunday, December 11, 2005

UI Thread Rule in .NET Framework 2.0

Windows Forms relies on the underlying Win32® messages. Therefore, it inherits the classic Windows programming requirement that only the thread that created the window can process its messages.

The UI Thread rule states that you must never use any member of a Control on any thread other than the one that created it with exceptions of Control.Invoke, Control.BeginInvoke, Control.EndInvoke, and Control.CreateGraphics.

In his article: C# 2.0: Create Elegant Code with Anonymous Methods, Iterators, and Partial Classes, Joval Lowy stated that calls on the wrong thread will always trigger an exception under Windows Forms in the .NET Framework 2.0. I haven't yet verified this from official source, but I trust Joval. This is great!

When using multithreaded programming in Windows Forms, you should begin to use the BackgroundWork component. Check my post BackgroundWorker Component in Windows Forms 2.0.

Anonymous Methods in C# 2.0

Anonymous methods is a new feature in C# 2.0 that lets you define an anonymous (that is, nameless) method called by a delegate. Creating anonymous methods is essentially a way to pass a code block as a delegate parameter.

// Create a handler for a click event
button1.Click += delegate(System.Object o, System.EventArgs e) { System.Windows.Forms.MessageBox.Show("Click!"); };

The anonymous method is defined in-line and not as a member method of any class.

Anonymous methods can be used anywhere that a delegate type is expected. You can pass an anonymous method into any method that accepts the appropriate delegate type as a parameter. A concrete and useful example for passing an anonymous method as a parameter is launching a new thread without explicitly defining a ThreadStart delegate or a thread method:

void StartThread(){
System.Threading.Thread t1 = new System.Threading.Thread(delegate() {
System.Console.Write("Hello, ");

An anonymous method can use any class member variable, and it can also use any local variable defined at the scope of its containing method as if it were its own local variable.

An anonymous method can use generic parameter types, just like any other method. Because delegates can define generic parameters, an anonymous method can use generic types defined at the delegate level.

Anonymous Methods are quite useful because it replaces the need for creating a simple method in cases where only a delegate will suffice.

Adopted from Joval Lowy's article C# 2.0: Create Elegant Code with Anonymous Methods, Iterators, and Partial Classes and C# Programmer's Reference: Anonymous Methods.

Saturday, December 10, 2005

Iterators in C# 2.0

An iterator is a section of code that returns an ordered sequence of values of the same type.

In C# 1.1, the Iterator design pattern is used to shield iterating clients from the actual implementation details of the underlying data structure, enabling the use of the same client-side iteration logic over multiple data structures.

But there are some problems. The first is that if the collection contains value types, obtaining the items requires boxing and unboxing them because IEnumerator.Current returns an Object. This results in potential performance degradation and increased pressure on the managed heap. Even if the collection contains reference types, you still incur the penalty of the down-casting from Object. While unfamiliar to most developers, in C# 1.0 you can actually implement the iterator pattern for each loop without implementing IEnumerator or IEnumerable.

The Microsoft .NET Framework 2.0 solves this problem by defining the generic, type-safe IEnumerable and IEnumerator interfaces.

Besides making use of generics, the new interfaces are slightly different than their predecessors. Unlike IEnumerator, IEnumerator derives from IDisposable and does not have a Reset method.

The second and more difficult problem is implementing the iterator. Although that implementation is straightforward for simple cases, it is challenging with more advanced data structures, such as binary trees.

Using iterators in C# 2.0, you can have the C# compiler generate the implementation of IEnumerator for you. The C# compiler can automatically generate a nested class to maintain the iteration state. You can use iterators on a generic collection or on a type-specific collection. All you need to do is tell the compiler what to yield in each iteration. The following is an example.

public class CityCollection : IEnumerable
string[] m_Cities = {"New York","Paris","London"};
public IEnumerator GetEnumerator()
for(int i = 0; i << m_Cities.Length; i++)
yield return m_Cities[i];

Your collection can easily expose multiple iterators, each used to traverse the collection differently. For example, to traverse the CityCollection class in reverse order. You can stop the iteration midstream by using the yield break statement.

The compiler-generated iterator object (and its state) does not persist across foreach loops. This is why IEnumerabledoes not define a Reset method.

Adopted from Joval Lowy's article C# 2.0: Create Elegant Code with Anonymous Methods, Iterators, and Partial Classes.

Friday, December 02, 2005

Review on My Past Posts

It’s amazing to see that I have blogged for more than one year. Some of my posts are about things and lessons that I learned from work and research. But most of them are notes taken by reading articles and books. I recorded things that I felt touching and useful. My posts represent my interests at the time when they are posted. Actually I use my blog as my notebook. I need to come to my blog quite often to check things. Since I have many posts, now it’s a good time to group them so that I can check thing more efficiently. That’s the purpose of this post.

IIS and ASP.NET security:
Protected Directories in ASP.NET
Protecting Resources in IIS
Accessing Files in IIS 6.0

SSL Session Key and Key Pair
Compatibility Issues From IIS 5.0 to IIS 6.0

Enhanced Security Configuration for IE:
IE Enhanced Security Configuration and Smart Clients on SSL
Enhanced Security Configuration for Internet Explorer

SQL Server security:
Phases of SQL Injection
The Main Threats to a Database Server
Some Common SQL Injection Commands
Preventing SQL Injection Attacks
How to Grant Access to SQL Server for the Network service account
Find Other Procedures Using the Same DLL
Some Useful SQL Queries

ASP.NET security:
The Main Threats to a Web Server
How to Create a Service Account for ASP.NET
New Security Features in ASP.NET 2.0
The one-click attack and ViewStateUserKey

Web Parts in ASP.NET 2.0
ViewState in ASP.NET 2.0
ViewState in ASP.NET 1.x
Reviewing State Management in ASP.NET
Instrument and Monitor Your ASP.NET Apps Using WMI

ACLs and privileges:
Manipulate Privileges in Managed Code
Access to ACLs with the .NET Framework
Some Basic Facts about Access Control

XML Signatures and Encryption

.NET Framework 2.0 resources:
WinForms 2.0 resources

Version compatibility in .NET:
Upgrade to .NET Framework 2.0
Assembly Binding Redirection
Determining Which Version of the Runtime to Load
Version Compatibility

Smart clients:
Identifying Data Stored on the Client for Smart Clients

The Challenge with Smart Device Development Using the .NET CF
Mobile Device Supports in Visual Studio 2005
The .NET CF Shipped with Visual Studio 2003

Sockets in .NET:
Sockets in .NET
Aborting a TcpListener listening thread
Derived TcpClient classes used on the server side

Improving Reflection Performance
What Reflection APIs Are Slow and What Are Not?

Images and drawing:
How to create a 1-bit-per-pixel image from a true-color image in .NET
Some Basic Facts about GIFs

Web services:
Three ways to consume Amazon Web services in .NET
Consuming Web Services Efficiently
Amazon Simple Queue Service (Beta)

SOA and WSE:
Signed Messages in WSE
Securing Service Oriented Architecture with WSE 2.0

Concurrency: What Every Dev Must Know About Multithreaded Apps
Ian Griffiths on UI Thread
BackgroundWorker Component in Windows Forms 2.0

CLR internals:
Method Slot Table and MethodDesc
Type Fundamentals
Domains Created by the CLR Bootstrap

Thread.CurrentCulture and Thread.CurrentUICulture
CultureInfo.CurrentCulture and CultureInfo.CurrentUICulture
Globalization Features in Whidbey

X.509 Certificates:
Using an X.509 Certificate in WSE 2.0
X.509 Certificates

Logging and event log:
Security Log
Network Service and Event Log
Tampering with Log Files
Richard Grimes on EventLog

What Are the Benefits of Generics?
How Are Generics Implemented?
How Are Generics Different from Classic Visual C++ Templates?

Visual Studio 2005 Team System

Windows Vista:
Security in Windows Vista: UAP and NAP Framework

Misc on .NET:
Constrained Execution Regions in the .NET Framework 2.0
You can't directly change boxed values in an array list
Export ASP.NET Data to Microsoft Office
One Issue on FxCop
All about Statics

Design patterns:
Static Classes in C# 2.0 and Abstract and Sealed Pattern
Abstract and Sealed Pattern in .NET
Bridge Pattern and Abstract Factory Pattern
Bridge Pattern and Strategy Pattern
Some mandates of the design pattern community

Design related:
Emergent Design
Alan Shalloway's Rules
A XP Developer's View Point
Steve McConnell's Comment
XP and design

A SOS Extension Issue in VS 2005 Beta 2
SOS Commands
Some Useful Tools in Production Debugging

Unit tests:
Best Practices for Writing Unit Tests
Benifits of Team Test

Data Execution Prevention (DEP):
An Example of Compatibility Issues with Data Execution Prevention
Data Execution Prevention in XP Service Pack 2

Software security lifecycle:
SD3+C: High-level Principles for Building More Secure Software
Three Facets to Building More Secure Software

Security related coding:
Thread.CurrentPrincipal in .NET Framework 2.0
How to Handle Exceptions Securely
Keeping Attackers Out of the Control Channel
How to Develop Code as a Non Admin
Where to store data files?
Using the ASP.NET Credentials Management Infrastructure in a Windows Forms Application
Application Development Security Guidance for .NET 2.0

Network security:
A Definition of Network Security
The Defense-in-Depth Model
Keep Security Simple
System Admin vs. Security Admin
Types of Network Attacks
Emergency Response Process
The Goal of a Security Audit
Accessing and Managing Security Risks

Security policies:
Policy, Process, and Technology
Why a Security Policy Is Necessary
How to Make Users Aware of Securities Policies
Some Policies You Might Need

Credentials and Delegation
How to Provide CIA for A Network Connection?
What Does A Network Authentication Protocol Do?

Detection and avoiding detection:
Some Common Ways an Attacker Can Attack IDSs and IPSs
IDSs and IPSs
How Attackers Avoid Detection Post-Intrusion
Some Common Ways Attacks Avoid Detection

Penetration Testing and Vulnerability Scanning:
Difference between Penetration Testing and Vulnerability Scanning
Steps for a Vulnerability Scanning

Some Useful nslookup Commands
Types of DNS Zones
Three DNS Server Configuration Roles
How does DNS resolve FQDNs to IP addresses?

Using IPsec for Domain Isolation
Using IPsec to Protect Servers
IPsec over NAT
Notes on IPsec

Misc on network security:
Notes on VPN
Hacking the Windows SMB tutorial
Network Sniffers
Well-known Ports

Watching the First XAML Presentation
NTFS Alternate File Streams
Hiding Files on Windows Systems
CodeAsDocumentation by Martin Fowler
The 46 Best-ever Freeware Utilities
Gordon Moore: Software is too complex
Microsoft® Dynamic Systems Initiative
The Philosophy of Profilers
How to get around "right click disabled" on some websites?
Windows XP Service Pack 2

Thursday, December 01, 2005

How Are Generics Different from Classic Visual C++ Templates?

Generics are similar in concept to classic C++ templates: both allow data structures or utility classes to defer to the client the actual types to use, and both offer productivity and type-safety benefits.

There are two main differences: in the programming model and in the underlying implementation. In the programming model, .NET generics can provide enhanced safety compared to classic Visual C++ templates. .NET generics have the notion of constraints, which gives you added type safety. On the other hand, .NET generics offer a more restrictive programming model—there are quite a few things that generics cannot do, such as using operators, because there is no way to constraint a type parameter to support an operator. This is not the case in classic Visual C++ templates where you can apply any operator you like on the type parameters. At compile time, the classic Visual C++ compiler will replace all the type parameters in the template with your specified type, and any incompatibility is usually discovered then.

Both templates and generics can incur some code bloat, and both have mechanisms to limit that bloat. Instantiating a template with a specific set of types instantiates only the methods actually used; and then all methods that result in identical code are automatically merged by the compiler which prevents needless duplication. Instantiating a generic with a specific set of types instantiates all of its methods, but only once for all reference type arguments; bloat comes only from value types, because the CLR instantiates a generic separately once for each value type argument. Finally, .NET generics allow you to ship binaries, while C++ templates require you to share some code with the client.

Adopted from Generics FAQ: Fundamentals by Juval Lowy.