Thursday, November 29, 2007

Misconceptions about Agile Programming


This great Dilbert cartoon was put on the ALT.NET Yahoo Group earlier this week. Although it is really funny, it also illustrates some of the misconceptions about agile software development. No more planning, no more documentation and even no more design. I've heard and read it all. Waterfall zealots are fond on big analysis and design up front. They still feel that this is superior to any of the agile methodologies, claiming that design-as-you-go is pure evil.

Well I let you in on a little secret. Regardless of any methodology you use, design-as-you-go is very typical and appears in the coding phase of EVERY software project. Why? Because your understanding of what you need to build before you actually start building it, is not as good compared to the insights you have while your in the coding phase. What's the difference between waterfall and agile development? With agile programming I have various indicators guiding me while I'm doing the actual coding work, like unit tests, continuous integration, daily builds, daily scrum meetings, etc. ... . With waterfall methodologies you have only Change and Pray Development.

As I wrote before, Agile is just human nature. Waterfall is just plain wrong.

Design and Evolution of C++

Driving home from work, I listened to this podcast on the Design and Evolution of C++. Somewhere half way through, Ted Neward mentions the new thread library in C++0x. I found Herb Sutter's response quite amusing:

Any language from this point forward that ignores concurrency is basically not relevant for mainstream applications.

Take that C#! Maybe F# is the wave of the future? But there appears to be hope at the horizon, as the first preview of the ParallelFX extensions has been made available for download.

Wednesday, November 28, 2007

WCF Tips

In case you missed it, David Pallman did an excellent series of blog posts on WCF tips and tricks:

If you are doing WCF, then you should definitely give these a read. Enjoy!

Tuesday, November 27, 2007

Book review: Working Effectively with Legacy Code

Working Effectively with Legacy Code

There is a reason that this book is on the recommend reading list of the ALT.NET Wiki. For some reason, I had this book lying around on my desk for almost a year before I started reading it. Since I finished reading it last week, I wished that I had read this book years ago.

The first question is: what is legacy code? Well, there are a lot of definitions going around, but legacy code is simply code without unit tests. We are talking about 99% of all the code bases on the planet. Should you read this book? Hell, yeah! The book teaches you a lot of dependency breaking techniques that you can use right away. The majority of the book describes these dependency breaking techniques and applies them to different scenarios with real-world code sample code mainly in Java and C++. Don't be scared! The most of it will also be applicable to your favorite .NET language as well. The last chapter (about 100 pages) is a nice reference to all the dependency breaking techniques.

I've seen my share of crappy legacy code over the past couple of years (some of which I wrote myself). Breaking down dependencies and get this code under test before adding new features is something you can start doing today. No more excuses of writing new code without unit tests. Pick up a copy of this book at your local dealer and read it from cover to cover. You will thank me later.

To wrap up this post, I want to share two quotes from the book that struck a nerve:

At this point in my career, I think I'm a much better programmer than I used to be, even though I know less about the details of each language I work in. Judgement is a key programming skill, and we can get into trouble when we try to act like super-smart programmers.


Programming is the art of doing one thing at a time.


Till next time

Tuesday, November 20, 2007

Design by Contract - The Sequel

In this post I put out some code for checking method arguments. I changed it somewhat regarding value  types:

public void DoSomethingMeaningfull(Int32 someNumber) { // Throws ArgumentOutOfRangeException Check.Argument((IComparable<Int32>)someNumber, "someNumber").IsNotNegative(); }
public void DoSomethingMeaningfull(Int32 someNumber) { // Throws ArgumentOutOfRangeException Check.Argument((IComparable<Int32>)someNumber, "someNumber").IsNotPositive(); }
public void DoSomethingMeaningfull(Int32 someNumber) { // Throws ArgumentOutOfRangeException Check.Argument((IComparable<Int32>)someNumber, "someNumber").IsNotZero(); }

As you can see, I opened it up for all comparable types. The code for this can be downloaded here. Please let me know what you think.

Thursday, November 15, 2007

TechEd Developers 2007 Barcelona - Day 5

The Joins Concurrency Library

I've listened to this podcast on DotNetRocks a while ago and I remember to be quite exited about this Microsoft Research project. The session at TechEd was pretty lame. Claudio Russo finished almost half an hour early. At least it gave me some time to pick up something nice for the kids in the shopping center across the street :-).

The Irresistible Forces and the Moveable Objects

Nice session from Pat Helland. At least, now I have some excuse when something isn't working as expected: i can say its the movable objects.

ASP.NET Model View Controller (MVC)

Great interactive session on the new ASP.NET MVC Framework for which the first bits will be available starting from the beginning of next month. Matt Gibbs did a great job explaining the advantages of this new framework and why it is so desperately needed.

Here are some random notes I've made during the session:

  • The ASP.NET MVC Framework will not replace WebForms in any way. WebForms is not going to disappear any time soon and will be enhanced in the future.
  • The ASP.NET MVC Framework will be running on .NET 3.5. Templates will be available for Visual Studio 2008.
  • ASP.NET MVC will probably ship with .NET 3.5 SP1.
  • With the first drop it will not be possible to use AJAX or any other client-side stuff. The ASP.NET is currently working on that and the result should be available in the next milestone.
  • Existing ASP.NET controls don't work yet as they make assumptions on the page lifecycle and ViewState.

There were a lot of questions from the audience as to why they should use this over WebForms. To me, this is crystal clear: testability. If you want to create maintainable and soluble applications with ASP.NET, then this is your path. Scott Guthrie started a series on the ASP.NET MVC Framework. I'll recommend you give it a read.

Deep Reflection - Things You Really Need to Know About Reflection 2.0

Nice closing session for the conference. Roy Osherove did his homework and showed some cool demos for generating code at runtime.

Some random notes I've made during the session:

  • There are two ways for generating code at runtime. The first one is using the CodeDOM. Think of it like a DSL for code. It has its advantages, but you get a steep learning curve and the resulting code is kind of verbose and very hard to read. The second option is Reflection.Emit. With this option you have to emit IL code. The OpCodes class provides with the necessary IL instructions.
  • .NET 2.0 introduced the DynamicMethod class. This makes runtime code generation a lot easier, plus it has the advantage that the generated code is garbage collected (which is not the case with Reflection.Emit) and that it is possible to skip visibility checks.
  • RunSharp makes it even more easier to generate code at runtime. You can download it here.
  • With Reflection.Emit it is possible to debug the generated code.

That was it folks. I enjoyed being at TechEd Barcelona. I actually learned something here and there. Lovely city and the weather was great.


PS: I'm blogging this in retrospect as I couldn't get the blogger administrator web site to run on the CommsNet PCs because they had  JavaScript turned off.

Wednesday, November 14, 2007

TechEd Developers 2007 Barcelona - Day 4

Windows Communication Foundation Performance

You got to hand it to him: Justin Smith certainly has some interesting things to say about WCF. A few months ago, I have read his excellent book Inside Microsoft Windows Communication Foundation which is probably the best WCF book I've read so far. This book is about how WCF is built from the inside out instead of the endless features and tweaks of WCF from a developer perspective. I consider these kind of books to be far superior to the ones that only mimic the MSDN documentation. Period. But back to the talk. Here are some random notes I've made during the session:

  • WCF is faster than ASP.NET web services and Web Service Enhancements (WSE).
  • NetNamedPipeBinding and NetTcpBinding are the fastest bindings that come out-of-the-box. No real surprise there.
  • With the DataContractSerializer (DCS)  you get the most performance (no surprise there either). Using the NetDataContractSerializer (NDCS) is strongly discouraged, definitely from a performance perspective. With the XmlSerializer you get the worst performance, but may be an option when you are using complex XSD contracts.
  • The JSON encoder in NET 3.5 looks promising.
  • The binary encoder use syntactic compression (XML InfoSet). Redundant data in a message is removed using a dictionary.
  • Always use the asynchronous methods of a WCF proxy, never the synchronous methods. WCF services are asynchronous by default.
  • Read Increasing Middle-Tier Client Performance on MSDN.
  • Don't use the using directive with WCF proxies. I already blogged about this here.

Building Languages With The Dynamic Language Runtime

The DLR will be the next big thing. Martin Maly managed to write a LOLCode implementation that targets the DLR while he was flying to Barcelona. He showed us his implementation during this session. You can download the source from John Lam's blog.

Designing High Performance, Persistent Domain Models

I had very high expectations set for this session. Udi Dahan managed to fulfill my high expectations and go well beyond. This session was not about technology, but about the core skills. I didn't see that one coming from a TechEd conference. To say it with some wise words from a colleague of mine: this session completely blew my mind :-). He didn't talk about the technology du jour, just about POCO's (Plain Old CLR Objects).

He started off with talking about the domain model pattern (in the context that I understand domain models and domain-driven design). If it is ever possible to have a favorite pattern, well the domain model pattern does it for me. Then he went on about different fetching strategies (eager loading and lazy loading) and how to use them for different scenarios. The solutions he came up with were clean, neat and everything that maintainable code should have. You can read about it at his blog here and here. The slides of this session can be downloaded here.

Some memorable things I wrote down:

  • The actual choice of an ORM (or any other technology) is not important from an architectural point of view. I like that.
  • Drive-by-architecture: an architect who comes by the development team, drops the architecture and then takes off. For the record: this is NOT a good thing.
  • Joins hurt scalability: de-normalize the database when you need to.

I actually learned something worthwhile during this session. I'd like to attend more sessions like this one. Two thumbs up.

Dealing with Concurrency and Multi-Core CPUs with Today's Development Technologies

As I mentioned before, targeting the multi-core CPU's will be a huge thing for the next-generation of applications that you build. That is what this session was all about. I've used the current System.Threading library several times now, so nothing new there. As you may or may not know, I'm quite a fan of the Power Threading library from Wintellect. But still, I think that developing multithreaded applications could be a lot easier.

I'm particularly interested in the ParallelFX stuff that Microsoft is working on. The problem was that Joe Duffy didn't quite get to the interesting stuff as he had put too much content in his session. As he was going overtime he briefly mentioned some of the things of ParallelFX, but that quite ruined it for me. What a shame.

Test-Driven Development in Practice - How Does it Really Work?

This was probably the worst session I attended at TechEd 2007. It was the entire opposite of Roy's excellent interactive talk on day 3. I don't want to talk much about it as I'm trying to suppress the bad memories.


PS: I'm blogging this in retrospect as I couldn't get the blogger administrator web site to run on the CommsNet PCs because they had  JavaScript turned off.

Tuesday, November 13, 2007

TechEd Developers 2007 Barcelona - Day 3

LINQ to XML: Using the Language Integrated Query Framework with XML Data

Nice introduction talk on the new XML API for creating, querying and modifying XML. Although this is YAXA (Yet Another XML API) and doesn't add any feature compared to the classes in the existing System.XML namespace, I like this LINQ implementation the most.

Some random notes I've made during the session:

  • The System.Xml.Linq is a DOM like API. The most important classes are XElement and XAttribute. There is a class for every kind of XML element out there:


  • There is streaming support for large XML files. For input you can use a "custom axis" function with an XmlReader, and for output you can use an XStreamingElement. For more information, you can read this blog post.
  • You can use the XElement.Validate method for validating XML documents or pieces of XML. I have to try if there is support for validating against so-called chameleon XML schemas.

Unit Testing Tips and Techniques with Visual Studio 2008 and the .NET Framework

This was an interactive session where the audience could determine the content. Everyone could add a particular topic regarding unit testing / integration testing to a list. These topics were then prioritized according to votes from the audience and then discussed by the speaker (how agile can you get?). Some of the topics were:

  • Testing multi-threaded code.
  • Testing the data access layer.
  • Mock objects
  • ...

Off course, my questions didn't get enough votes ;-). Roy Osherove is a great speaker, so it is almost needless to say that the session was packed with a lot of great content.

Entity Framework: Application Patterns

This session discussed application scenarios and not yet-another-feature-summary of the Entity Framework. I had my hopes up because I wanted to see some real-world scenarios instead of another toy application. As I already mentioned in my previous post, the Entity Framework is not quite there yet. The session turned out to be not as good as I hoped, just because the speaker was talking so fast that my brain couldn't keep up interpreting his words. Man, this guy could talk fast. I've never witnessed anything like this before. Maybe it was only me, I don't know.

Silverlight, ASP.NET and Web Services in IronPython and IronRuby

A nice demo session that continued the session of the day before with again Mahesh Prakriya at the microphone. This time he showed lots of demos of using IronPython with Silverlight, ASP.NET and web service applications. Not quite as much demos using IronRuby as I wanted it to be. But again, a nice show.

Country drink 

Wednesday evening was the country drink. For the delegates coming from Belgium and Luxemburg it was held at Sal Cafe which was nicely located with a terrace at the beach. I finally got to meet Tom Mertens, who is the most famous Developer Audience Manager and the Product Marketing Manager for development tools at Microsoft Belgium & Luxembourg.


PS: I'm blogging this in retrospect as I couldn't get the blogger administrator web site to run on the CommsNet PCs because they had  JavaScript turned off.

Monday, November 12, 2007

TechEd Developers 2007 Barcelona - Day 2

 Secure Distributed Applications with WCF

 Dominick Baier of Thinktecture certainly knows his stuff, but for some other reason he couldn't manage to bring the message to his audience (at least not to me). Looking back at this session, it was probably one of the worst sessions I attended.

"IronPython" and Dynamic Languages on .NET

I had high expectations for this session, which only came true for some part. Mahesh Prakriya showed some pretty cool demos, including one with a robot (which always strikes me at a sensitive spot :-) ).

Some random notes I've made during the session:

  • IronPython and IronRuby are going to be true implementations of their original counterpart. The development teams will not deviate from the original specifications, which is a good thing. This will enable Python and Ruby developers to migrate their applications to .NET where they have the BCL classes at their disposal.
  • IronPython will target the Dynamic Language Runtime starting from version 2.0.
  • IronPython is the fastest Python implementation out there, at least that is what they claimed during the session.
  • The download for IronPython contains the IronPython command shell. With this shell its possible to instantiate .NET objects from the command line, which is very cool.
  • The development team of IronPython uses agile development.

Why Software Sucks

This is also the title of the book David Platt wrote on the subject. This guy is both a very good speaker and a funny guy. In this short talk, David talked about usability in software, showing some real-world examples of the good, the bad and the ugly.

Understanding Claims-Based Identity 

Very nice introduction to the concepts and classes in the new System.IdentityModel.Claims namespace, first introduced in .NET 3.0. Keith Brown did a great job bringing the message to the audience.

Some random notes I've made during the session:

  • A security token represents a collection of claims: e.g. a Kerberos ticket or an X509 certificate are examples of security tokens that exist today.
  • A claim is a statement about a subject where each claim is identified by a URI.
  • A claim is represented by the Claim class.
  • The ClaimSet class is a collection of Claims + the issuer of the claims.
  • Claims are available in WCF through the ServiceSecurityContext.
  • Microsoft does not (yet) provide a Security Token Service (STS) out-of-the-box, so you need to build one on your own.
  • Claims can also be transformed, e.g. a X509 certificate can be transformed to a Kerberos token.

Also checkout this article from MSDN magazine on the very topic.

Entity Framework Introduction

At first I was rather happy with the fact that Microsoft is going to release an object-relational mapping framework. As I got my hands on some of the bits, I was rather disappointed as I blogged about in these posts here and here. But the data access guys and dolls at Microsoft are listening as I already posted here. That is why I wanted to give the ADO.NET Entity Framework another chance. I went to this talk with the idea to start from scratch. As I already knew, its not going to be the next NHibernate. Not that NHibernate doesn't have its quirks, but the first release of the ADO.NET Entity Framework is not going to be mature enough to start using beyond some small applications. But I'm already looking forward to the next version though. That is what being a .NET developer is all about: constant anticipation :-).


PS: I'm blogging this in retrospect as I couldn't get the blogger administrator web site to run on the CommsNet PCs because they had  JavaScript turned off.

Sunday, November 11, 2007

TechEd Developers 2007 Barcelona - Day 1

Soma announced some new stuff in his keynote, among which the release of Visual Studio 2008 and the .NET Framework 3.5. Unless you have been living in a cave for the last week, you already heard or read about this somewhere.

What is Next for the .NET Framework and Distributed Applications

My first session at TechEd 2007. Steven Martin tried to explain the vision of Microsoft on distributed application development for the next couple of years. To me it appeared kind of flue and fuzzy. He also briefly mentioned Oslo. In a nutshell, Oslo is

  • not a new product.
  • a set of existing products (the .NET Framework, Biztalk Server, etc. included).
  • based on .NET

I had the impression that the speaker knew more than this, but couldn't tell the audience for some reason. Oslo primarily consists of services and models (talking about two overloaded terms here). To me a model is an essential part of software design as described in Domain-Driven Design: Tackling Complexity in the Heart of Software. From the stuff I heard in this session, I think that Microsoft means something else, but I'm not entirely sure.

The Security Development Lifecycle

Great session. Excellent speaker. Fantastic subject. One couldn't ask for more. Although Michael Howard only focused on the development part of the SDL, it was a great talk with lots of tips, tricks and best practices for both unmanaged and managed code. After the session, everyone could get a free copy of his book on this very topic surprisingly called The Security Development Lifecycle.

Some random notes I've made during the session:

  • Security in software should be applied pragmatically.
  • Optional security features won't work. They are never going to be used.
  • Increasing the overall quality of software doesn't affect the quality of security.
  • Don't use weak cryptography (MD4, MD, SHA1, DES, RC4).
  • Don't use symmetric keys that are smaller than 128 bits.
  • Don't use RSA keys that are smaller than 1024 bits.
  • Use this VS2005 macro to detect weak cryptography.
  • Be crypto-agile: no hard-coded encryption algorithms in your code.
  • When your code detects a security violation, then let it kill the application. Its always better to kill the application by raising an exception than to execute code that is not trustworthy.
  • Use static analysis tools like PREfast, SAL, FxCop, AppVerif, ... etc., but remember that tools can only take you so far. They are not a replacement for a human brain.
  • Don't hire bad developers.
  • Security is not something special. It should be part of building any kind of application.
  • Don't nag about performance versus security. Measure it! Don't make any assumptions without it (this is one of my pet peeves for many years now).

I don't understand why there were so few people attending this session. I mean, this is such an important topic. Do you really think that the CLR is doing everything for you? Come on!


PS: I'm blogging this in retrospect as I couldn't get the blogger administrator web site to run on the CommsNet PCs because they had  JavaScript turned off.

TechEd Developers 2007 Barcelona - Day 0

We arrived at Barcelona last week on Saturday evening with a delegation of seven people. The same evening, we already visited the Monjuic Magic Fountains on Plaza España.


On Sunday we had the entire day off so we could visit the town of Barcelona and do some sightseeing.


This is me at the Temple de la Sagrada Familia, the life work of Antoni Gaudi. Its construction began in 1882 and as of today, its still not finished. Before we got there, we came across some other some buildings that are architected by Gaudi.



The architecture of these buildings makes me think about the Efteling :-). In the afternoon we went to Palau Güell.


We all stood there and enjoyed the wonderful view.


PS: I'm blogging this in retrospect as I couldn't get the blogger administrator web site to run on the CommsNet PCs because they had  JavaScript turned off.