Is it just sheer coincidence that the map of the msn direct coverage in the Burlington, Vermont area is shaped like a butterfly?
 |  |
Daily Archives: October 6, 2004
Chiming in on the current Indigo blog discussion
Softwaremaker, Benjamin Mitchell, Sam Gentile and some others have been having a conversation about Indigo. I wanted to chime in on a particular point Benjamin made about Indigo that is also about WSE which is building up to Indigo.
one of the reasons I’m so excited about Indigo is this focus on designing the programming model with developer usability as a goal.
Hey, he’s talking about me (and you). I know I have put myself in the role of guinea pig here because I am “the developer”. I am the developer and not the plumber so although I am darned good at writing software, I have to put a lot more effort in to comprehending what’s going on in the background – and many developers will never even bother with that effort because it is sadly a big one.
So making the programming model intuitive enough and streamlined enough that developers can latch onto it easily and then our software can a) benefit from what is going into these tools and b) participate in interop if that’s where we are working. But if you are already a plumber, it’s pretty hard to grok what is and isn’t comprehensible to a non-plumber. I am really working at trying to understand this stuff, trying to translate it to others so they won’t have to put so much effort in and also trying to let Microsoft know when something just IS NOT accessible, when I work REALLY hard and I STILL am not getting it. I wish I had had the time to do this before WSE2 was released, but sadly I didn’t.
There has got to be a place somewhere in between “way too hard for me to spend the time figuring out” and “just click a few buttons and you have access to 10% of the features but not anything else”. I know they are working on it. The programming model is pretty intuitive and really, once you get the basic chore down: create the different types of security tokens you are going to use in your messaging, add them to the soapcontext of your web service, define the elements you are going to use to secure your message and assign the proper one of your tokens to the elements, then add those elements to the soapcontext and go. There is a layer of WSE2 that will simply answer the needs of many applications. It’s only when you try to move away from that layer do you (well, if you are me) get in trouble.
Right now the pain I’m feeling is in the area of working outside of the simplicity of using x509 certificates. I haven’t even gotten much further than the basics. I haven’t even considered interop yet. I’m just writing the front and back ends in .net and trying to get them working together in a variety of scenarios.
So what’s my point here? Something about the fact that yes, they are definitely getting there, because I, Julie Lerman, can actually use WSE2 (although I did work really hard to get myself to the not-even-very-impressive-point that I’m at right now) and if they can just keep going on this same path between WSE2 and the future WSEs that we get up until Indigo, I bet we’ll be in damned fine shape.
Oh and there was one other thing I wanted to comment on which is the perspective that William (Softwaremaker) writes about in his post – about focusing on Interoperability. The funny thing for me is that I am not even LOOKING at interop. At the moment I don’t happen to need it with the applications I am working on. I am not trying to learn this stuff so that I can do interop, rather because one of the side benefits of all of this work that everyone is doing with ws-* in order to make interop work more fluidly and efficiently is that we can also leverage these tools in our proprietary applications (hmm – what is the word for non-interop?). I’ve got .net on both ends of my pipe. I’m not interoping with myself or anyone else. I’m not disagreeing in any way with William as I have no experience in that space at all. I just find it intersting that the real purpose behind WSE and Indigo is for interop, hell the real purpose behind web services is interop, but these tools (well obviously not Indigo yet) are the most important players in my application architecture anyway.
oh my goodness – he’s turned green!
and I always thought Bristowe had a thing for orange…
hmmm is it one of those Alienware machines? Makes sense they could have that effect.
Two nights, Two Montreal .NET User Groups
I had fun in Montreal! I presented at the GUVSM user group run by Guy Barrette and Eric Cote (who do a very great and fun Johnny Carson/Ed McMahon, Dave Letterman/Paul Schaffer kind of routine although Guy is definitely a straight man). There were 75 people at the meeting! But it was a special meeting. There were two presentations, the first being Mario Cardinal speaking about the Microsoft Application Blocks (in French so I sat in the lobby), my own WSE presentation and MSDN Canada had donated 20 sets of MS Press .NET Certification books to give away to attendees. So it was a great draw.
It was my first time doing this talk and I learned that I actually have two talks built into there, so in the future I will split them up and be sure that I have at least 2 hours of user group time available. The first part of my presentation is something like “everything you wanted to know about the tools of security – keys, encryption, signing, and the 4 tenets: authentication, authroization, integrity and confidentiality, etc. etc. – but nobody ever explained becasue they assumed you knew it and then you were too embarrassed to ask”. So that’s the long title. Anyway, I was so excited about presenting this information that it ended up being most of the talk. I will have to decide how to modify this entire presentation so I can cover a little more mileage with a little less detail at DevConnections and of course one of my demos tanked ugggh – isn’t that the way. However, the talk was really well received because people walked away with a much greater understanding of the foundations of security and I told them that they just MUST do the Hands on Lab that is on the msdn.microsoft.com/webservices/buildling/wse site.
It was a fun group and a fun night.
Since Sylvain Groulx requested that I stay to talk to his group, GUMSNET, on Tuesday, that group paid for a hotel room for me to stay overnight. Oooh I just LOVE the Omni Hotel especially that as a Select Guest you don’t have to check out until 4pm. So I just stayed there all day in my p.j.s working. What a huge luxury. Now if only they had SECURE wireless rather than unsecure…
The GUMSNET group was getting an updated version of my What’s new in the Whidbey Base Class Libraries talk. That just gets more and more fun every time I do it and I seem to do it right after a release and get to add new things into it all of the time. This time, one of the topics I added in was the BackgroundWorkerProcess class. Unfortunately, I had looked it over, looked through the online samples and though wow – very cool, I get what it’s doing, must add this in. However, it is such an interesting class that we all wanted to dig further into it, but I didn’t have enough knowledge of it at the time. So that’s on my todo list for a mod to this presentation.
There were two questions during this talk that I want to follow up on.
One: Do DebuggerVisualizers get used by classes derived from the classes they are targetted for? The answer is YES! (or should I say “Oui!”) Here is an excellent article by Scott Nonnenberg from Microsoft on the topic and a direct quote:
Multiple visualizers can be associated with one type, and a visualizer can be associated with multiple types. A class derived from a class with visualizers associated with it will inherit those associations, but visualizers cannot be associated with interfaces.
Of course, I still want to test this myself…
Two: Does Client-Side Caching persist across sessions? The logical answer is yes, of course, because it’s on the local machine. However I am going to get confirmation in case there is something wrong with my logic.
Merci, GUVSM et GUMSNET, pendant un temps merveilleux à Montreal!
Q & A on WSE Newsgroup
I am taking the plunge and trying to answer some (of the simpler) questions on the WSE newsgroup. It’s a little scary. I know I know this stuff (where I dare to answer) but there is this little voice in the back of my head that says “what if you don’t REALLY know it and you are just misinforming people?” That’s a really hard thing to deal with but goes away with time and you have to deal with it on each new subject that you learn about. So Hervey, if I’m not ready for prime time and my responses make you roll your eyes, just let me know (though privately may be a bit kinder… 😉 )
Hey – MSDN Events Website OWNER – look HERE!!!
Please please please can someone fix the drop down of event locations for the current cycle? It says MONTPELIER Vermont and the lcoation is Burlington and there has been a huge amount of confusion because it actually was originally scheduled for Montpelier (though the details said Burlington) . Now it’s really in Burlington but says Montpelier. Our DCC has tried to get this fixed and it hasn’t been. I am spending WAY too much time trying to help many confused people. Please can somebody fix this?
By the way, the new site design is VERY nice.
Yours truly,
Frustrated in Vermont
Vermont ITJobs – Programmer needed for small, fun accounting software company
Data Systems Inc., Burlington, Vermont
(see below for a more candid description of the job…)
PROGRAMMER’S JOB DESCRIPTION
Be part of a dynamic small company where work life is never dull.
A job description follows:
PROGRAMMING in PRO-IV (fourth generation language or RAD):
• With senior systems analysts, design accounting software for new applications.
• Organize and help complete programming projects in cooperation with other programmers.
• Enhance already existing programming for our customers.
CUSTOMER SUPPORT
• Answer customer questions on our major order fulfillment and accounting software products, PRO*ACCT, FUEL*PRO & FISH*PRO.
• Trouble shoot problems in the PRO*ACCT, FUEL*PRO and FISH*PRO order fulfillment and accounting modules.
MISCELLANEOUS TECHNICAL SKILLS
• Other technical skills and knowledge are useful , i.e., in Visual Basic, LINUX, UNIX, WIN2000, Web design and Java are helpful.
• Accounting
Contact Data Systems, Inc. for more info at datasystems@datavermont.com
———————————-
(a note to me from the president of the company since I didn’t know what PRO-IV was)
PRO-IV is not based on Visual Basic; however knowing BASIC logic and the feel of Visual Basic would help someone learn PRO-IV. It is an extra-ordinary development environment. I would love to do a presentation on it sometime. We create very powerful applications in very short periods of time and those applications run on 25 or so different platforms!! In addition to developing order fulfillment and accounting applications, we also do dynamic web sites and E-Commerce. What we need most at the moment is someone to work with our order fulfillment and accounting applications.
We are looking for someone with the following traits and abilities:
1 – a good problem solver and basic programmer (can program in Visual Basic or its equivalent). Knowing something about operating systems especially Linux or Unix is also a strength.
2 – familiar enough with accounting to know whether you would enjoy spending 40 hours a week designing and coding accounting applications.
3 – interested in ultimately being a business owner because Data Systems is a worker owned corporation and every worker is offered ownership annually. We want everyone working for us to be owners.
You do not need to know how to program in PRO-IV. We would train you in that language.
ASP.NET Security Vulnerability – take heed and get thee (quickly) to Microsoft’s info on it
From Microsoft’s Brian Goldfarb:
Tonight we posted a bunch of information about a reported ASP.NET security vulnerability. I urge you to take a look at the security incident page at:
http://www.microsoft.com/security/incident/aspnet.mspx
That page has all the latest info and will continually be updated as new information becomes available. You can also get in depth information on how to help protect your ASP.NET site by taking advantage of some simple code to programatically check for canonicalization issues at http://support.microsoft.com/?kbid=887459
There is also a discussion thread that I started on www.asp.net forums that you can find at http://www.asp.net/Forums/ShowPost.aspx?tabindex=1&PostID=711220 — you can ask questions directly there.
Brian Johnson also makes a great point about getting free support (in North America) on security/virus related issues by calling (866) PCSAFETY (I think this is pretty cool, never realized it before to be honest — now I know where to send my friends and family when they have problems though 🙂 .