<rss version="2.0" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:trackback="http://madskills.com/public/xml/rss/module/trackback/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" xmlns:copyright="http://blogs.law.harvard.edu/tech/rss" xmlns:image="http://purl.org/rss/1.0/modules/image/">
    <channel>
        <title>Microsoft</title>
        <link>http://www.theruntime.com/blogs/jaykimble/category/182.aspx</link>
        <description>Microsoft</description>
        <language>en-US</language>
        <copyright>Jay Kimble</copyright>
        <managingEditor>jkimble@gmail.com</managingEditor>
        <generator>Subtext Version 1.9.5.0</generator>
        <item>
            <title>Tampa User eXperience (TUX) User Group is coming September 10th, 2008…</title>
            <link>http://theruntime.com/blogs/jaykimble/archive/2008/07/17/tampa-user-experience-tux-user-group-is-coming-september-10th.aspx</link>
            <description>&lt;p&gt;I am proud to announce that I and a couple other guys are starting a User Group that revolves around User Experience (or UX) in the MS tools eco-system. The other guys are Shawn Cady, Perry Panagopoulos, and Bill Reiss (MVP) [Bill always gets his MVP props].&lt;/p&gt;
&lt;p&gt;I could give you all their backgrounds, but I’ll make them do it at the first meeting. I’m sure Papa Fish (aka &lt;a href="http://www.devfish.net"&gt;www.devfish.net&lt;/a&gt;) the local MS Dev Evangelist (my Blog Father) Joe Healy will be around (at least for the first meeting).&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;TUX' Focus &lt;br /&gt;
&lt;/strong&gt;Our focus will be on the "now" of Ajax and how it integrates with ASP.NET (in all its various forms), and the "future" of Silverlight2, and anything in between (like adding Silverlight2 controls to Ajax sites, etc); we’ll not be stuck in just Web either... we’ll probably do some WPF as well. We’ll also be  dealing with some of those more abstract things that you need to get better at (like how to be a better designer, creating good user experiences, etc.), and we will do our best to keep this group "devsigner-friendly" (devsigner is a developer who is also a designer).&lt;/p&gt;
&lt;p&gt;We have a lot of really creative ideas to make this fun and useful to you today as well as with an eye for the future (but I don’t want to blow them all)... We will definitely keep this interactive and will try to help you solve your problems as well (at least we’ll be around to chat with you before and afterward).&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;First Talk: Intro To MS Ajax Scripting&lt;/strong&gt; &lt;br /&gt;
The first person to present will be me. I will be pulling a talk out of my paid pile which means that you have probably never seen me give this talk (unless you work at one of the companies I gave it at)... this is very special and will never be repeated (well, maybe). This talk is one that I have yet to see anyone give (for free). It’s an introduction to the MS Ajax scripting framework. Oftentimes you see a demo where someone shows you how to build an Ajax Extender control where a JavaScript is thrown in, but rarely (I’ve never seen it done) does someone talk to you about building the script behavior which is used to create the Server-Side Extender (I will in fact be doing just this). You will leave this talk with the knowledge of how to do it. As is often the case when I talk about JavaScript, I’ll end with a Script# demo which will make your life a lot easier (so we’ll build the last demo in C# which will be compiled to MS Ajax-style JavaScript); this big demo is a selection grid behavior that I built for my employer to replace a commercial grid component that we were using; you’ll definitely have a use for it.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Bonus&lt;/strong&gt; &lt;br /&gt;
We’ll have Pizza provided by Answers Systems, so just get there after work... you don’t need to eat first.&lt;/p&gt;
&lt;p&gt;AND!!!! Bill Reiss (MVP) has graciously given us an &lt;strong&gt;&lt;em&gt;MSDN Premium Subscription&lt;/em&gt;&lt;/strong&gt; (used to be MSDN Universal) to &lt;strong&gt;&lt;em&gt;give away&lt;/em&gt;&lt;/strong&gt;, so don’t miss it.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Where/When will it be?&lt;/strong&gt; &lt;br /&gt;
We will be holding these events at my workplace: Answers Systems in Oldsmar, FL. Better directions than this will follow in the near future (we will have a web site soon), but it’s right next to (West of) the Oldsmar Fleamarket on Tampa Rd (aka Hillsborough Ave). We plan to open the doors at 6:30pm with the activities starting at 7:00pm.&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Can’t make it, but you really wanted to see my session?&lt;/strong&gt; &lt;br /&gt;
&amp;lt;sarcasm&amp;gt;So you are in my fan club (Eric Wise, I know that’s you since you maintain some of my stellar code), but you live in another state (like say the cold state of Ohio... where it’s 40 degrees Fahrenheit in August) so there is no way you could see this session by me, but you really, really want to see it, but the plane ticket is so expensive.&amp;lt;/sarcasm&amp;gt;&lt;/p&gt;
&lt;p&gt;Well, we plan on videoing our sessions and making them available online (as long as the speaker is OK with it, and I am... SO this is the LAST time I’ll be able to charge for this session... unless I revamp it which I will).&lt;/p&gt;
&lt;p&gt;&lt;strong&gt;Afterwards...&lt;/strong&gt; &lt;br /&gt;
I’m not Joe Healy so I can’t pick up the tab, but there is a Starbucks down the street that many of my colleagues and I like to frequent (Stimulants... I need a good stimulant not a depressant... but we could be talked into depressants), so don’t be surprised if we all end up somewhere afterwards or maybe somewhere else... &lt;/p&gt;
&lt;p&gt;&lt;strong&gt;RSVP&lt;/strong&gt; &lt;br /&gt;
If you plan on coming please drop me a line via the contact form on this site. We need this to help us figure out how much Pizza to buy. &lt;/p&gt;
&lt;p&gt;&lt;strong&gt;PS&lt;/strong&gt; &lt;br /&gt;
In October (the 2nd Wednesday), Bill will be doing a Silverlight2 talk (He’s a Silverlight MVP and a soon-to-be Silverlight book author). It will be more of an intro, but he plans on really giving a nice overview from both the design standpoint and the development standpoint.&lt;/p&gt;
&lt;p&gt;And, yes, we actually have a list of things we’re thinking about for November... nothing definitive (yet), but we plan on being way ahead of the game (as best as we can).&lt;/p&gt;</description>
            <dc:creator>Jay Kimble</dc:creator>
            <guid>http://theruntime.com/blogs/jaykimble/archive/2008/07/17/tampa-user-experience-tux-user-group-is-coming-september-10th.aspx</guid>
            <pubDate>Fri, 18 Jul 2008 03:35:18 GMT</pubDate>
            <wfw:comment>http://theruntime.com/blogs/jaykimble/comments/2645.aspx</wfw:comment>
            <comments>http://theruntime.com/blogs/jaykimble/archive/2008/07/17/tampa-user-experience-tux-user-group-is-coming-september-10th.aspx#feedback</comments>
            <slash:comments>4</slash:comments>
            <wfw:commentRss>http://theruntime.com/blogs/jaykimble/comments/commentRss/2645.aspx</wfw:commentRss>
        </item>
        <item>
            <title>An Answer to my post for young programmers</title>
            <link>http://theruntime.com/blogs/jaykimble/archive/2008/06/24/an-answer-to-my-post-for-young-programmers.aspx</link>
            <description>&lt;p&gt;My good buddy (actually my best friend from High School), "The Witt" complained that I wasn’t being helpful to programmers who are trying to learn the craft when I posted two weekends ago on "&lt;a href="http://theruntime.com/blogs/jaykimble/archive/2008/06/14/a-question-you-should-ask-when-hiring-a-non-entry-level.aspx"&gt;A Question you should ask when hiring a non-entry level developer&lt;/a&gt;." (OK, he wasn’t the only one... but, hey, we have a history, so he can get me to post a response, and you can’t... deal...) &lt;/p&gt;  &lt;p&gt;I decided that our subsequent conversation in email would make a good followup post for those who want to know what they should be doing, and with his blessing I am posting an edited version.&lt;/p&gt;  &lt;p&gt;[It started with this comment]&lt;/p&gt;  &lt;p&gt;&lt;font color="#008000"&gt;The Witt - &lt;em&gt;OK I know that I am new to the ASP coding info. &lt;br /&gt;I understand the security issues (or at least, what might happen with leaving everything wide open). BUT, having just completed two semesters of nothing but ASP I just don’t see what’s wrong... I AM NOT a seasoned programmer...and my classes taught us to connect in this very manner you describe... &lt;br /&gt;Can you elaborate for those of us that are trying to learn? Show us what you would do instead? &lt;br /&gt;Thanks in advance&lt;/em&gt;&lt;/font&gt;&lt;/p&gt;  &lt;p&gt;Jay (in Email now)- I know I probably made some harsh statements there (in my blog post). I meant it to be hard, but it was as much about seeing some consultant coming in and writing crappy code against my APIs and leaving HUGE security holes in my website.&lt;/p&gt;  &lt;p&gt;The major point is for ASP.NET that you should always use Command objects with parameters... something like this (code may not compile ’cause it’s off the top of my head... 
there’s probably an error in there somewhere...)&lt;/p&gt;  &lt;pre&gt;Dim query As String = "select field1, field2, field3 from someTable where ID = @TableID"
Cmd.CommandText = query
' DbParameter is abstract, so ask the command (assumed to be a DbCommand) for a provider-specific parameter
Dim param As DbParameter = Cmd.CreateParameter()
param.ParameterName = "@TableID"
param.Value = cbo.Value   ' bound as data, never concatenated into the SQL text
Cmd.Parameters.Add(param)
' Code continues....&lt;/pre&gt;

&lt;p&gt;The trick is in using the "@" variable in the query, and using the Parameters collection. When this gets shoveled down to the database it gets sent differently and if someone tries to change that "cbo.Value" within the http post by trying to add their own SQL it will fail.&lt;/p&gt;

&lt;p&gt;I know that changing the variable in the http post statement sounds advanced... go here --&amp;gt; &lt;a href="http://www.bayden.com/TamperIE/"&gt;http://www.bayden.com/TamperIE/&lt;/a&gt;, download the TamperIE tool (for IE)  and try it out... You’ll see that you can in fact force whatever values you want into the post.&lt;/p&gt;

&lt;p&gt;As far as other dev environments go (I know you deal with a couple others), you want to figure out how to send a prepared statement to whatever SQL Server you are dealing with (ms access has these as well, so does Oracle and everything else I can think of... even the free PostgreSQL has them). &lt;/p&gt;

&lt;p&gt;Anyway, I see you as someone who’s growing as a developer... you’d not go into an interview and present yourself as more than you are... that too is the problem...&lt;/p&gt;

&lt;p&gt;Do you mind if I post this (more or less?) as a new blog post?&lt;/p&gt;

&lt;p&gt;&lt;font color="#008000"&gt;The Witt- I don’t mind in the least…&lt;/font&gt;&lt;/p&gt;

&lt;p&gt;&lt;font color="#008000"&gt;          Like I said I am trying to learn. The “@” tucked in front… I always thought that was just to get the info from the current page. It’s nice to know what that really does. I do use that for most of my sites. I just never knew all the reasons.&lt;/font&gt;&lt;/p&gt;

&lt;p&gt;&lt;font color="#008000"&gt;I think that is the problem with a lot of the schools today. They are just pushing the students out and they really don’t know what they are doing. (Not that I always know what I’m doing). &lt;/font&gt;&lt;/p&gt;

&lt;p&gt;---------------&lt;/p&gt;

&lt;p&gt;OK, it’s not all that edited. One more thing I forgot to mention. If you use an ORM or something that builds classes for you, then you probably are getting this type of functionality (just about every ORM I know of uses prepared SQL statements to push data). My favorite ORM is SubSonic (and I know others rave about NHibernate)... In the Java world I use Apache Cayenne (and people rave about Hibernate over there)&lt;/p&gt;

&lt;p&gt;---------------&lt;/p&gt;

&lt;p&gt;BTW, I take great pleasure in mentioning that The Witt turns $28 (that’s hex) in a little less than 2 months... unfortunately I turn $28 about 2 weeks before him.&lt;/p&gt;</description>
            <dc:creator>Jay Kimble</dc:creator>
            <guid>http://theruntime.com/blogs/jaykimble/archive/2008/06/24/an-answer-to-my-post-for-young-programmers.aspx</guid>
            <pubDate>Wed, 25 Jun 2008 01:15:35 GMT</pubDate>
            <wfw:comment>http://theruntime.com/blogs/jaykimble/comments/2429.aspx</wfw:comment>
            <comments>http://theruntime.com/blogs/jaykimble/archive/2008/06/24/an-answer-to-my-post-for-young-programmers.aspx#feedback</comments>
            <slash:comments>1</slash:comments>
            <wfw:commentRss>http://theruntime.com/blogs/jaykimble/comments/commentRss/2429.aspx</wfw:commentRss>
        </item>
    </channel>
</rss>