Tuesday, 18 December 2007

May be maturing

I'm at a pre-Christmas party and a friend of mine (30s) eyeing up the cakes suddenly says "Oh. I think I might have matured a bit." At this point I'm totally bemused so I ask and she says that a year ago she would have wanted to try a little bit of all the cakes, but now there's just one she really wants.

All the projects I've been on recently are really immature, with 20-odd features and a tight deadline. The sites I actually like typically have one central feature done well.

Marc has it right on pie shops.

Gordon Ramsay has a show where he takes apart restaurant businesses and helps them get back to profitability. One of the first things he always does is to shrink the menu so that the kitchen is turning out 5 excellent dishes rather than 20 bad ones.

If you go for complex surgery at a hospital would you prefer to be treated by a respected specialist working in your particular condition, or by a generalist with a lower success rate?

Is it time for a maturity model for web services? We could initially plot age and development team capacity vs success and number of features to see where the sweet spots are. I think we already know, but are choosing to be immature.

Wednesday, 21 November 2007

Abuse of sunlight therapy products

It's about 1:20AM. I'm still working hard (OK, fairly hard, given that I'm updating a blog). I don't do this workload very often, but normally when I do I'm sustaining myself chemically through a deliberate excess of caffeine, dried fruit and chocolate. I usually feel awful.

In the last 4 days I haven't had any caffeine, and very little sugar except for some fresh fruit. I feel great. I can go on for a few more hours.

Instead of the usual chemicals I'm abusing a light therapy lamp that I got because I was feeling continuously run down a few weeks ago. This could be another case where "the street finds new uses" for things. Light therapy products should be the new caffeine for the stressed IT crowd: All the downsides of not sleeping, but without the downsides of excess caffeine and sugar.

Tuesday, 20 November 2007

VS2008 no good yet for Silverlight 1.1 ... yet

VS 2008 has been released but does not yet have support for Silverlight 1.1.

Two popular add-ins to Visual Studio are not yet available to download for the final VS 2008 release. These are the Silverlight 1.1 Tools Alpha for Visual Studio and the Web Deployment Project add-in for Visual Studio. Our hope is to post updates to both of them to work with the final VS 2008 release in the next two weeks. If you are doing Silverlight 1.1 development using VS 2008 Beta2 you'll want to stick with VS 2008 Beta2 until this updated Silverlight Tools Add-In is available.

So I'll be sticking with the beta for a little while longer though.

Last time the Silverlight 1.1 tools update was out very promptly though. That makes me wonder if maybe there will be a little more to it this time. Perhaps a re-release of the framework with the long anticipated controls ... please.

Saturday, 10 November 2007

How do I know I've done something new?

One thing that the original SHL Direct got right (in design at least, there may have been implementation issues found after I left the company) was defence against SQL Injection attacks and Cross Site Scripting. During this project in 1997 I identified issues that could occur with maliciously formed input data and verified every system input with a view to stopping users with evil intention from modifying or seeing the database content (SQL Injection), or being able to display malicious content into the trusted site used by the customer support staff (XSS).
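The two defences described above, as an added sketch (not code from SHL Direct): a lookup built by string concatenation beside one using a bound parameter, and a support-desk table cell rendered raw beside one that is HTML-encoded. The table, column and function names and the sample inputs are all constructed for illustration.

```python
import html
import sqlite3


def make_db():
    # Constructed stand-in for the candidate database.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE candidates (name TEXT, score INTEGER)")
    db.executemany("INSERT INTO candidates VALUES (?, ?)",
                   [("Alice", 71), ("Bob", 64)])
    return db


def lookup_unsafe(db, name):
    # 'Before': the input becomes part of the SQL text, so a quote
    # character in `name` changes the structure of the query.
    sql = "SELECT name, score FROM candidates WHERE name = '" + name + "'"
    return db.execute(sql).fetchall()


def lookup_safe(db, name):
    # 'After': the input is bound as data and never parsed as SQL.
    sql = "SELECT name, score FROM candidates WHERE name = ?"
    return db.execute(sql, (name,)).fetchall()


def support_cell_unsafe(name):
    # 'Before': stored input is written straight into the staff-facing page.
    return "<td>" + name + "</td>"


def support_cell_safe(name):
    # 'After': markup characters are encoded, so the browser shows text.
    return "<td>" + html.escape(name) + "</td>"


if __name__ == "__main__":
    db = make_db()
    crafted_name = "x' OR '1'='1"                 # constructed input
    print(lookup_unsafe(db, crafted_name))        # every row comes back
    print(lookup_safe(db, crafted_name))          # no candidate has that name
    crafted_markup = "<script>alert(1)</script>"  # constructed input
    print(support_cell_unsafe(crafted_markup))
    print(support_cell_safe(crafted_markup))
```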

The generalised SQL Injection vulnerability was first publicly identified in 1998 in Phrack by RFP. The Cross Site Scripting vulnerability was being discussed in 2000 by Steve Champion; I'm unclear on whether it was publicly identified before this.

RFP and Steve Champion should still be identified as the original sources of these techniques: They published; I didn't.

In retrospect I had maybe learnt something genuinely new, and there's the problem I'm interested in at the moment. Computer Science / Software Engineering are incredibly broad fields and small discoveries are being made all the time. If you publish everything you do, how can we pick the signal out from the noise? If you don't publish enough someone else will rightfully get credit for your original thought having made their own independent discovery.

There's been a similar problem in parallel processing for several years which was solved recently. Several issues in parallel processing are easily fixed with transactions, an idea from the database camp. The real problem? Probably that parallel processing researchers didn't know the database researchers had a solution, and the database researchers didn't realise the parallel processing researchers had a problem.

The questions I'm thinking about:

  1. How can someone tell if something is really new and identify the correct scope of people to broadcast to?
  2. How can someone tell what problems are out there that are worth thinking about?

Thursday, 8 November 2007

My first Internet app

... launched in October 1997 and today would have been a bit over 10 years old. Unfortunately my old employer has recently (within the last 3 months) replaced the site with a new version. On the plus side I think that means there wouldn't be too many negative side effects from discussing its construction.

Most of the technology used in the original SHL Direct is now well past its sell by date: The platform was Windows NT 4.0 with the IIS option pack (back when IIS was a separate add on from a CD). The database back end was SQL 6.5. An ASP tier managed user navigation around the main site, whilst the online psychometric test ran in a Java applet.

Whilst the technology platform is out of date, the software architecture, and the decision process that led to it, are still cutting edge. This was one of the first modern RIAs. I think it belongs in a museum.

Windows was selected because the maintenance team had more experience with windows and I believed this would reduce maintenance costs. IIS was selected because we didn't know if people would be dealing with the web server software very much, so having a UI for the software would also reduce costs. RDBMS chosen over the usual file database the company used for scalability with multiple users, then SQL 6.5 because it was cheapest to licence across live and development environments.

Active Server Pages was an incredible blessing at the time. My previous projects had included a web UI built from IDC/HTX pages, and trial projects using compiled, object oriented technologies which tended to have compile-link cycles that required shutting down the web server. It was the best decision we could have made at the time.

Flash had no scripting capabilities at this time and couldn't do the job. Java was in over 90% of browsers on our test site and had the capabilities we needed. MS and Sun weren't fighting.

The user navigated the site, where we disabled session variables, relying instead on custom tracking code embedded in the URL and stored in the database, for scalability and session persistence across shutdowns. This would now be seen as more vulnerable to session hijacking. My first major mistake, even if nobody exploited it.
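A session identifier carried in the URL is written to access logs and Referer headers, which is part of why the design above is now considered easier to hijack. The following added example (not code from SHL Direct) flags a token presented by more than one client and masks tokens before log lines are shared. The `sid` parameter name, the log layout and the sample lines are constructed assumptions.

```python
import re
from collections import defaultdict

# Constructed log lines: client IP, request, referrer, user agent.
SAMPLE_LOG = '''\
203.0.113.10 "GET /menu.asp?sid=A1B2C3 HTTP/1.0" "-" "Mozilla/4.0"
203.0.113.10 "GET /test.asp?sid=A1B2C3 HTTP/1.0" "http://site.example/menu.asp?sid=A1B2C3" "Mozilla/4.0"
198.51.100.7 "GET /test.asp?sid=A1B2C3 HTTP/1.0" "-" "Mozilla/3.0"
203.0.113.44 "GET /menu.asp?sid=Z9Y8X7 HTTP/1.0" "-" "Mozilla/4.0"
'''

LINE = re.compile(r'^(\S+) "GET (\S+) HTTP/[\d.]+" "([^"]*)" "([^"]*)"$')
SID = re.compile(r'[?&]sid=([A-Za-z0-9]+)')  # hypothetical parameter name


def clients_per_token(log_text):
    """Map each session token to the set of (ip, user agent) pairs using it."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue  # skip lines that do not fit the assumed layout
        ip, url, _referrer, agent = m.groups()
        token = SID.search(url)
        if token:
            seen[token.group(1)].add((ip, agent))
    return seen


def suspected_hijacks(log_text):
    """Tokens presented by more than one distinct client.

    A heuristic only: proxies and NAT can make one user appear as several.
    """
    return {tok: sorted(clients)
            for tok, clients in clients_per_token(log_text).items()
            if len(clients) > 1}


def redact(line):
    """Mask every URL-borne token in a log line, request and referrer alike."""
    return SID.sub(lambda m: m.group(0)[:5] + "[redacted]", line)


if __name__ == "__main__":
    for tok, clients in suspected_hijacks(SAMPLE_LOG).items():
        print(tok, clients)
    print(redact(SAMPLE_LOG.splitlines()[1]))
```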

After authenticating and getting authorization to access the test, the user would go to a page which loaded a Java applet. Once loaded this made a request back to the server for the test data which was returned in an SGML format, consciously breaking with the convention of CSV to enable hierarchical data and reduce confusion between back end and front end development. Today we'd talk about the ASP page that returns the data as a service and we'd probably choose XML or JSON for the response instead. The ideas are similar. Using a service for the test data gave us the capability to have a CMS to define the question data, and to extend in future for randomly generated tests and adaptive tests.

Finally the applet posted results to another page/service (with retries just in case) before redirecting to a results page where calculation of score was performed server side.

For 10 years SHL Direct has been my 'perfect project'. Something technically advanced for its time, stable, good, always on, always reminding me that I can lead a software project and have a blast. Now it's gone.

In those 10 years my own career has mostly risen, but definitely meandered through the rises and falls in the software industry and drifted into management. A lot of the time it's been work - not fun at all.

Last year my employer sent me to work with Microsoft in the MTC to create some demos to use as proof of concepts in the sales process for both companies. If you ever get the chance to do something like this, just say yes. Today I'm freelance. I'm working on RIAs again, and helping people with capacity planning.

I'm as happy now as when I was working on SHL Direct. I credit one company and team, and one person in particular with turning my career back around by reminding me that developing software is fun. So thanks Marc for hosting the time in the MTC, thanks Anders, Grant, Katrina and Tony for working with me on SHL Direct. Let's all hope I don't get so lost in the next 10 years.

Monday, 8 October 2007

Silverlight Controls from XamlReader?

So far with Silverlight controls I've used the existing template, which creates a constructor containing:

System.IO.Stream s = this.GetType().Assembly.GetManifestResourceStream("MyNamespace.MyControl.xaml");
this.InitializeFromXaml(new System.IO.StreamReader(s).ReadToEnd());

The problem with this is that if there's a problem with the xaml loaded from the stream the error message is very nondescript, but I've just found that

XamlReader.Load(new System.IO.StreamReader(s).ReadToEnd(), true);

will give line, character and error message which is much more friendly so I'm giving serious thought to converting all my controls now ...

Monday, 1 October 2007

Strange Boxes

The new Microsoft boxes are now my favorite software boxes.

About a month ago I still felt pretty bad toward them. OK they were pretty but they were pretty bad to use. There are some really bad cues on the box. At the rear edge there's what looks like tabs to pull the back away. Pull on them though and everything locks into place and the box won't open. Instead you have to pull on a little tab on top of the box.

Having worked through the training with the Expression tools and put the DVD away each time, the box now works really well for me.

It makes me wonder though - what will it take to move people to 'unusual' look and feel in Silverlight apps and other places?