DLRScript 0.55 released for Silverlight2 Beta2

It took a bit of time for this release. In the end I had to take everything a step back (as well as there are probably a few "mid thoughts" in here as the release of SL2 Beta 2 caught me a bit by surprise... actually the changes to the DLR caught me more by surprise).

The step back is that we no longer get script code lines when there are issues. I’ll try to bring this feature back, but right now if it breaks, you’ll know it via an alert with a .NET error.

Future direction
I need some feedback on this. I’ve been thinking about scrapping any attempt at jscript compatibility and am thinking more about ecma3 support (DLRJScript has an ecma3 mode). The benefit there is that I could start focusing on building a better set of client-side APIs instead of a more compatible one. That said, I’m not sure how qualified I am at coming up with a "better" set of client-side APIs.

I do want some feedback though. Let me know what you think: jkimble-at-gmail.com.

MS MVC Thoughts

[NOTE: I haven’t quite had much of a chance to look at the new Preview 4, so take this as someone nearly informed. I haven’t read about anything in the Preview 4 that changes what I’m going to say. Also, remember that I am the admin/editor of the blog site which is Alt Alt.NET... so testability/mockability doesn’t really resonate with me.]

I know it’s shocking that I would have something to weigh in on MS MVC, but I do. For those who don’t know, I took some issue with Ayende’s "leaky abstraction" back in my CodeBetter days (they had to love having me around). BTW, I understood and agreed in some respects, but in others I was less than agreeable. I still think Web Forms are viable and usable, but in some cases the paradigm breaks down, so the need for another paradigm is both welcome and interesting (and before anyone brings up Castle, PixelDragon, or CodeStory MVC frameworks, I have looked at them as well and found them --in general-- way too complex to get started with which is not to say that a couple templates could help you guys out...).

Why I’m interested?
Ok, the reason I’m interested is summed up in one word: RIAs. I could have summed that up in 2 words: Ajax, and Silverlight2. The other thing is that I have used the MVCContrib’s Restful feature to build REST services (way cool).

The Good
I really like the simplicity. I mean MVC isn’t simple, but the MVC framework makes it easy to keep your layers separate... you still have to think about what you are doing, but on the whole it’s pretty easy to use. The MVC paradigm allows for a truer coding experience (the engine doesn’t pretend to be a Windows application in any way although you can still use things like session and the forms authentication engine in ASP.NET).

The MVCContrib library is indispensable. It’s an open source library that is a community project that adds additional features to the MS MVC architecture. For instance there are a number of alternative view engines; I haven’t investigated all of them yet (and for the most part I am sticking with the ASPX engine... although my later comments may lead you otherwise).

The Not So Good
Before I say this I want you to realize I have written a grand total of 2 apps with this. App1 used the Restful plugin and really shouldn’t count, so I have written exactly 1 app (so definitely take this with a grain of salt).

Complaint number 1 is that I felt like I was writing old ASP code. I used the inline code method for writing output into my HTML. I probably could have written in the codebehind and had a clean web template with code separation (something I’m a believer in, but it was my first app)... probably more my fault than the engine’s, but there is a lot of sample code out there already that leads you down this path.

Complaint number 2 really is valid. The whole idea of MVC is that I should be able to swap out the view engine. Or better yet, be able to respond to a request and supply a view that is more suited for the client. Someone pointed out to me that one of the big features of ASP.NET 1.0 was that it would supposedly do this... I would really love for MVC to make it easy to determine that "this is a mobile browser" supply the mobile template (if one exists). Or better yet, this client is requesting that I send XML... evidently it’s some kind of Rich Client. Specific methods can be triggered to deliver a specific type, it would just be nice if the framework would detect that the client "accepts" (that’s a ServerVariable pushed in the header) only "Application/Json" so the MVC app should use a JSON result or convert the result I got to JSON and push it directly down to the client.

This would make the MVC part of this more useful to me (remember all the stuff I said up front... and Yes, I know I can do this myself and have... it just would be nice if I could get the controller framework to make it easy for me to configure and then do this for me)

Core Addin Challenge : Hello CodeRush/Refactor Pro

[Disclaimer: Before I start this series I want you all to know that I love Resharper! It has made me a better developer, and if you pay attention you will see why I think that. At the same time I love Dev Express. As a company they are constantly giving back to the community. While I’m not a fan of Mark Miller’s humor, their addin framework is about the best you will find IMO... and Scott Hanselman (ScottHa from here on) loves CodeRush/Refactor. I love ScottHa; he has shown me all kinds of cool utilities that I couldn’t live without... he is angelic... I went looking for a halo for his picture... nahh been done <grin />. Anyway, this article series I hope will do a good job of comparing and contrasting the 2 VS2008 IDE adds in their current forms (which CR is at 3.0.8 and R# is at 4.0)... and this is really from my personal perspective on what I use]

I’ve been using R# for quite awhile and honestly I have felt that it made me a better developer. I know I’m not a TDD guy, but there are so many goodies in it that I just simply loved it. BUT, my license ran out. I was in a debate about what I was going to do.

As it turns out (late) last year, I was given a license to CodeRush/Refactor Pro. I had been intrigued by their lengthy list of Refactoring and how they were doing ASP.NET refactorings. Well, about that time the betas of R# started happening and personally I was going through the collapse of my business (and the amount of development I was doing dwindled), so honestly I did the bad thing and forgot to blog about it.

Like I said my R# ran out, but I remembered that I had CR/RFP, so I decided to re-install it and look around (and really look around), so for the next 30 days I will be exclusively using CR/RFP and will be looking to see how it compares to the features of R# that I actually use (you might use other things), and will of course be blogging about it.

The number 1 feature of R# that I use is its code analysis. I love being able to look at my C# code and tell at a glance if there are issues with the code. I have actually learned things from the suggestions it gives me... so I can’t live without that.

Guess what, I remembered reading a veiled reference to CR’s Code Analysis on Dave Hayden’s blog. It’s off by default, so if you are playing with CR... here’s how to turn it on. Bring up the DevExpress menu’s options, turn on Expert mode (I think you need that), and type "Code Issues" in the Search Text box. Check the enabled check box when the Code Issues option appears and Voilà! You now have analysis on your code.

My initial knee jerk reaction is that the Code Analysis is almost as good as R# (almost), but then sometimes R# recommends things that I’m not really interested in doing (I know you can tweak its suggestions).

On the other hand, CR doesn’t seem to bog down the environment for me!

So take your pick... CR has come a long way from when I last used it. It used to have some annoying "features" that seemed to have been tuned. (their auto-complete used to annoy me/get in my way... I would say that it neither gets in my way nor annoys me)

Tampa User eXperience (TUX) User Group is coming September 10th, 2008…

I am proud to announce that I and a couple other guys are starting a User Group that revolves around User Experience (or UX) in the MS tools eco-system. The other guys are Shawn Cady, Perry Panagopoulos, and Bill Reiss (MVP) [Bill always gets his MVP props].

I could give you all their backgrounds, but I’ll make them do it at the first meeting. I’m sure Papa Fish (aka www.devfish.net) the local MS Dev Evangelist (my Blog Father) Joe Healy will be around (at least for the first meeting).

TUX' Focus
Our focus will be on the "now" of Ajax and how it integrates with ASP.NET (in all its various forms), and the "future" of Silverlight2, and anything in between (like adding Silverlight2 controls to Ajax sites, etc); we’ll not be stuck in just Web either... we’ll probably do some WPF as well. We’ll also be dealing with some of those more abstract things that you need to get better at (like how to be a better designer, creating good user experiences, etc.), and we will do our best to keep this group "devsigner-friendly" (devsigner is a developer who is also a designer).

We have a lot of really creative ideas to make this fun and useful to you today as well as with an eye for the future (but I don’t want to blow them all)... We will definitely keep this interactive and will try to help you solve your problems as well (at least we’ll be around to chat with you before and afterward).

First Talk: Intro To MS Ajax Scripting
The first person to present will be me. I will be pulling a talk out of my paid pile which means that you have probably never seen me give this talk (unless you work at one of the companies I gave it at)... this is very special and will never be repeated (well, maybe). This talk is one that I have yet to see anyone give (for free). It’s an introduction to the MS Ajax scripting framework. Oftentimes you see a demo where someone shows you how to build an Ajax Extender control where a JavaScript is thrown in, but rarely (I’ve never seen it done) does someone talk to you about building the script behavior which is used to create the Server-Side Extender (I will in fact be doing just this). You will leave this talk with the knowledge of how to do it. As is often the case when I talk about JavaScript, I’ll end with a Script# demo which will make your life a lot easier (so we’ll build the last demo in C# which will be compiled to MS Ajax-style JavaScript); this big demo is a selection grid behavior that I built for my employer to replace a commercial grid component that we were using; you’ll definitely have a use for it.

Bonus
We’ll have Pizza provided by Answers Systems, so just get there after work... you don’t need to eat first.

AND!!!! Bill Reiss (MVP) has graciously given us an MSDN Premium Subscription (used to be MSDN Universal) to give away, so don’t miss it.

Where/When will it be?
We will be holding these events at my workplace: Answers Systems in Oldsmar, FL. Better directions than this will follow in the near future (we will have a web site soon), but it’s right next to (West of) the Oldsmar Fleamarket on Tampa Rd (aka Hillsborough Ave). We plan to open the doors at 6:30pm with the activities starting at 7:00pm.

Can’t make it, but you really wanted to see my session?
<sarcasm>So you are in my fan club (Eric Wise, I know that’s you since you maintain some of my stellar code), but you live in another state (like say the cold state of Ohio... where it’s 40 degrees Fahrenheit in August) so there is no way you could see this session by me, but you really, really want to see it, but the plane ticket is so expensive.</sarcasm>

Well, we plan on videoing our sessions and making them available online (as long as the speaker is OK with it, and I am... SO this is the LAST time I’ll be able to charge for this session... unless I revamp it which I will).

Afterwards...
I’m not Joe Healy so I can’t pick up the tab, but there is a Starbucks down the street that many of my colleagues and I like to frequent (Stimulants... I need a good stimulant not a depressant... but we could be talked into depressants), so don’t be surprised if we all end up somewhere afterwards or maybe somewhere else...

RSVP
If you plan on coming please drop me a line via the contact form on this site. We need this to help us figure out how much Pizza to buy. 

PS
In October (the 2nd Wednesday), Bill will be doing a Silverlight2 talk (He’s a Silverlight MVP and a soon-to-be Silverlight book author). It will be more of an intro, but he plans on really giving a nice overview from both the design standpoint and the development standpoint.

And, yes, we actually have a list of things we’re thinking about for November... nothing definitive (yet), but we plan on being way ahead of the game (as best as we can).

Types of Silverlight2 apps

I want to go on record for a prediction. I believe when the dust settles with Silverlight2 (SL2, hereafter), we will have 2 major types of apps. To me this is fairly obvious, but if all you did was look at SL2 tutorials you would get a different view altogether. You see all the tutorials that exist out there show you what I think is the preferred way: a single application that lives in the browser as a plugin.

I also see another SL2 type of app: the SL2 enhanced Ajax App. Seriously, there will be those who will use some of the fancy SL2 controls (and I’m talking about the third party ones that will be developed) to bring their Ajax apps into a new domain. So from a plumbing perspective they will stick with the familiar page model we have today. I think the draw of Ajax is strong and I would rather this not happen because it is my view that the SL2 framework is way better than classic DHTML/Ajax/Web2.0. There are those who will say, "I can’t leave the rich experience of JS on the client." (phooey... just code in DLR JScript instead if you want JavaScript).

BTW, I also see a third model. The old model built with a single SL2 applet on each page. I think this will be a minor idea, but I see it coming.

-----------

On another note, I’ll be putting up a few SL2 posts. I have been doing a fair bit of work with it in the last month or so. It definitely involves a slightly different mentality than classic web apps.

My SL2 prototype actually uses a REST service built with MS MVC and with the MVC Contrib project’s Restful feature. I will write some on this in the not too distant future. I have really grown to like REST (and building a service the way I have is really great for quick prototyping).

I’m actually starting to chew on Databinding (and doing CRUD operations on the data), so in time I’ll be writing about some of that stuff too.

--------------

Additionally, I am also working on starting a .NET UX user group here in Tampa Bay. I’m working with a couple of the local personalities to bring together a really good group. The group would focus on MS Ajax (and other Ajax Frameworks with ASP.NET and MS MVC) and Silverlight2 based apps. I can’t wait. It’s really exciting!

Welcome Thomas S. Williams... or TRT goes global

You may have noticed that our main feed was recently populated with a bunch of our new blogger Thomas S. Williams’ posts (the SubText BlogML importer’s fault... sorry about that... I have tried to correct the problem... sometimes I swear that no one who develops for SubText really tests on community-based sites).

Thomas has been blogging for almost as long as I have (4 years). He specializes in SQL and VB. Check out his stuff! Oh yeah, he’s our first non-US blogger (he’s from the land down under).

An Answer to my post for young programmers

My good buddy (actually my best friend from High School), "The Witt" complained that I wasn’t being helpful to programmers who are trying to learn the craft when I posted two weekends ago on "A Question you should ask when hiring a non-entry level developer." (OK, he wasn’t the only one... but, hey, we have a history, so he can get me to post a response, and you can’t... deal...)

I decided that our subsequent conversation in email would make a good followup post for those who want to know what they should be doing, and with his blessing I am posting an edited version.

[It started with this comment]

The Witt - OK I know that I am new to the ASP coding info.
I understand the security issues (or at least, what might happen with leaving everything wide open). BUT, having just completed two semesters of nothing but ASP I just don’t see what’s wrong... I AM NOT a seasoned programmer... and my classes taught us to connect in this very manner you describe...
Can you elaborate for those of us that are trying to learn? Show us what you would do instead?
thanks in advance

Jay (in Email now)- I know I probably made some harsh statements there (in my blog post). I meant it to be hard, but it was as much about seeing some consultant coming in and writing crappy code against my APIs and leaving HUGE security holes in my website.

The major point is for ASP.NET that you should always use Command objects with parameters... something like this (code may not compile ’cause it’s off the top of my head... there’s probably an error in there somewhere...)

    Dim query As String = "select field1, field2, field3 from someTable where ID = @TableID"
    Cmd.CommandText = query
    ' SqlParameter (assumes Cmd is a SqlCommand); DbParameter is abstract and cannot be created with New
    Cmd.Parameters.Add(New SqlParameter("@TableID", cbo.Value))
    ' Code continues....

The trick is in using the "@" variable in the query, and using the Parameters collection. When this gets shoveled down to the database it gets sent differently and if someone tries to change that "cbo.Value" within the http post by trying to add their own SQL it will fail.

I know that changing the variable in the http post statement sounds advanced... go here --> http://www.bayden.com/TamperIE/, download the TamperIE tool (for IE) and try it out... You’ll see that you can in fact force whatever values you want into the post.

As far as other dev environments go (I know you deal with a couple others), you want to figure out how to send a prepared statement to whatever SQL Server you are dealing with (ms access has these as well, so does Oracle and everything else I can think of... even the free PostgreSQL has them).

Anyway, I see you as someone who’s growing as a developer... you’d not go into an interview and present yourself as more than you are... that too is the problem...

Do you mind if I post this (more or less?) as a new blog post?

The Witt- I don’t mind in the least…

Like I said I am trying to learn. The “@” tucked in front… I always thought that was just to get the info from the current page. It’s nice to know what that really does. I do use that for most of my sites. I just never knew all the reasons.

I think that is the problem with a lot of the schools today. They are just pushing the students out and they really don’t know what they are doing. (Not that I always know what I’m doing).

---------------

Ok, it’s not all that edited. One more thing I forgot to mention. If you use an ORM or something that builds classes for you, then you probably are getting this type of functionality (just about every ORM I know of uses prepared SQL statements to push data). My favorite ORM is SubSonic (and I know others rave about NHibernate)... In the Java world I use Apache Cayenne (and people rave about Hibernate over there)

---------------

BTW, I take great pleasure in mentioning that The Witt turns $28 (that’s hex) in a little less than 2 months... unfortunately I turn $28 about 2 weeks before him.

A Question you should ask when hiring a non-entry level developer

And I mean every developer. If you are an entrepreneur and you are hiring a consultant to work on your hot idea you need to do this. It could cost you everything if you don’t.

I recently took on a side project. It’s a return to a project I did 2 years ago. Since I have worked on it there have been at least 2 other people on the project. I’m writing this for the Business Development guy (the guy I assume hired the other folks). I am not writing this to "cut" on the other developer (I am not perfect), but I did detect a flaw that for me is critical. So one of the other guys is not only not up to snuff IMNHO, but s/he shouldn’t be working anywhere as anything but entry level (I’m sorry to be so harsh, but when you understand what I’m talking about you’ll see why I’m being so harsh).

One more thing because I’m writing this more for a non-technical person. You don’t need to pretend to be technical. Pretend like you’ve hired someone to help you assess a programmer, and this is your one and only question.

The Question

When should/would you ever write code like the following (pick the version that applies to you):

    // C# Code
    string query = "select * from SomeTable where SomeID = " + cboField.SelectedValue;
    SqlCommand cmd = new SqlCommand(query, connection);
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(ds);

    ' VB.NET (actually most versions of VB look something like this)
    Dim query As String = " select * from SomeTable where SomeID = " + cboField.SelectedValue
    Dim cmd As New SqlCommand(query, connection)
    Dim da As New SqlDataAdapter(cmd)
    da.Fill(ds)

    ' Thank you Telerik for the quick translation

The Answer

The simple answer is nowhere.

The biggest reason is security. That code enables something called SQL Injection. There are utilities that exist that will let a hacker (actually you as a non-technical person could use them) steal your entire database via a single hole in your app like this. All kinds of bad things can happen as a result of this. I recently switched grocery stores because my old grocery store had an IT problem where my debit card number got stolen. That kills it for me. I won’t be going back. The same will be true of your customers (if you don’t get sued). So the proper answer to this question means a lot.

A second option is that the programmer might mention the DataSet. This is really less critical (and there are times to do this). The first line of the code is what should be singled out in your mind, because this will tell you if the programmer "gets" security. If s/he doesn’t understand it here... s/he probably won’t understand it elsewhere (you probably have a non-professional programmer pretending to be a professional programmer... take this from a guy who started as a non-professional and doesn’t have a programming degree).

If they suggest making any changes to the first line, then they know what the problem is. They pass. If they leave that first line alone, they fail. By the way, it doesn’t matter whether the programmer is building a web app, a windows app, or some kind of service, this is a universal mistake.
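
The difference between leaving that first line alone and changing it, run end to end (an added example, not code from the original post). It uses Python's built-in sqlite3 with an in-memory table so it runs without a database server, standing in for the ADO.NET/SQL Server code above; the table contents, function names and the tampered value are constructed for illustration.

```python
import sqlite3

# Constructed stand-in for a combo box value that was altered in the HTTP POST.
TAMPERED = "1 OR 1=1"


def make_db():
    """In-memory stand-in for SomeTable; the rows are constructed sample data."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE SomeTable (SomeID INTEGER, Customer TEXT, CardNumber TEXT)")
    conn.executemany(
        "INSERT INTO SomeTable VALUES (?, ?, ?)",
        [(1, "alice", "card-0001"), (2, "bob", "card-0002"), (3, "carol", "card-0003")],
    )
    return conn


def lookup_concatenated(conn, selected_value):
    """Pattern from 'The Question': the posted value becomes part of the SQL text."""
    query = "select * from SomeTable where SomeID = " + selected_value
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, selected_value):
    """Changed first line: the SQL text is constant and the value is bound separately
    (:TableID here plays the role of @TableID in the ADO.NET version)."""
    query = "select * from SomeTable where SomeID = :TableID"
    return conn.execute(query, {"TableID": selected_value}).fetchall()


def compare(selected_value):
    """Row counts returned by each version for the same posted value."""
    conn = make_db()
    try:
        return {
            "concatenated": len(lookup_concatenated(conn, selected_value)),
            "parameterized": len(lookup_parameterized(conn, selected_value)),
        }
    finally:
        conn.close()


if __name__ == "__main__":
    for value in ("2", TAMPERED):
        print(repr(value), compare(value))
```

With the tampered value the concatenated query returns every row in the table, while the bound parameter is compared as one value and matches nothing.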

No matter how cheap they are, they are creating problems that you don’t need. You can get a good programmer for a lower rate. For instance, I lowered my rate considerably to get a small piece of the pie on the app I’m working on.

To Cache, To Static, or To Session "When?" is the question

DonXML has an interesting article over here that got me thinking about a technique I have been using for years now, and I’m not sure I’ve seen much written about it.

The basic tenet begins like this: I avoid session like the plague (not sure why except I have visions of some abuses I have seen... like full DataTables stored in session). The only time and I mean the ONLY TIME I use Session is if I have a value that needs to be associated with a user across the WHOLE site. As a result I really try to design my model where there are minimal values that need to be associated with a user site-wide.

What I have seen is that values come in 3 basic variations as far as Web site variables go: Values associated with a user everywhere, values associated with a user necessary for a few pages, values that really are application level values.

My suspicion about "Values associated with a user everywhere" is that they are not as prevalent and are often the result of programmers either not fully understanding web apps, they just aren’t thinking things through, or they are pushing a value into session site-wide when they only need it in a couple places. Treat Session like you do ViewState: it is a snake (maybe a poisonous one) that while necessary to kill the rats in your back yard due to the citrus trees, you don’t want a dozen snakes in the backyard either... Only use the number of snakes that you need (if you have no rats then 0 is the perfect number of snakes). So the lesson here is to really look at your user-related values: determine if they really are used everywhere, and determine if they need to be available in memory the whole time the user is on the site.

For values associated with a user necessary for a few pages, I tend to use cache, or I do use Session (but I clean up immediately after I’m done). When I use Cache I factor in the user’s Session ID. The thing I like about Cache is that I have a much richer set of expiration options. Session sticks while a user is clicking around the site... Cache lets me absolutely set an expiration time. I also am aware of the fact that Cache can be unloaded early (so I use Cache as a temporary place for a value knowing that I may need to retrieve it again). If it’s something that isn’t stored elsewhere then into Session it goes (even if I have to delete that Session var later). It’s really about managing the data in memory.

For the application type values, I usually forget about the whole Application mechanisms (you might use them, but I do something else), I like to use static/shared values on individual classes. This has the effect of better organizing your code (and if you do anything else with the class it simplifies things... I suspect some automated test guys would agree with me on this point). Why mention these here? Well I have seen my share of things that were really application related or indexed application related (such as storing this customer’s company info in session... that really should be either a cache or a static, and it should be retrievable by some company id).

Don’s post was originally spawned by the new Velocity cache from MS. Honestly the only comment I have on it is that I wish they had chosen a different name. I hear Velocity and I think about the text template engine (the one for Java... but the one for .NET is nvelocity)

Cool ScriptManager stuff I missed...

So the last week or so I have been doing some heavy handed UpdatePanel development (stuff where I needed to fix an existing form that needs help to support an UpdatePanel or stuff where I needed to do something special while the page was posting back asynchronously).

In the midst I discovered some cool mechanisms that I missed!

For instance you can determine whether the current request is an async request by doing something like this:

    ScriptManager sm = ScriptManager.GetCurrent(Page);
    if (sm != null && sm.IsInAsyncPostBack)
    {
        // do something special here
    }

The other problem I had was that I needed to emit a startup script that should execute after the async request finished rendering. It turns out that the ScriptManager control has some really nifty static methods. Here’s the example of what I was trying to do:

    //                                  (control, type,   ScriptID,ScriptToRun, AddScriptTags)
    ScriptManager.RegisterStartupScript(this, GetType(), "someID", "SomeScript", true);

Investigate it for yourself... there’s a lot of handy stuff here that corresponds to the same stuff you can do with the Page’s ClientScript object (with the difference being that ScriptManager’s stuff works during an async postback)