Tuesday, June 27, 2006

Here's my XML Hammer.  Useful for getting some XML into places where instinct might guide you to other choices.





Tuesday, June 27, 2006 8:41:50 AM (AUS Eastern Standard Time, UTC+10:00)
 Monday, June 26, 2006

I'm new to Sharepoint, so here I'll start a list of Sharepoint Annoyances :)

#1:   It lets you think you are designing relational data... but you are not!

Some examples:

I have a list of clients, and I have a list of contacts (or individuals) at that client's site.  I am designing a form for entering job details and I want to link in to a job both the client who requested it and the contact at that site. 

I want the user to pick a client and then a contact that is valid for that site, but I can't seem to filter them!

Secondly, there is no validation!

I want to have a form where the user can enter a start date and a finish date.  No problems so far but logic dictates that the finish date cannot be before the start date!  I don't have a way of enforcing that.

I'm sure there are ways around these, but right now they are annoying!

Monday, June 26, 2006 4:55:31 PM (AUS Eastern Standard Time, UTC+10:00)
 Saturday, June 24, 2006
I had mentioned model-view-presenter pattern in passing before, because after I saw it it struck me as a pattern that could be a really good solution to having the most decoupling between the UI and, well, everything below it.

The chance came up to try it during the week on a small project so I gave it a go.

The View was a windows forms app.
The Model was a .NET Class Library with classes that roughly wrapped a set of SQL Server stored procs.
The Presenter was implemented as a .NET Class Library.  This library also contained the definition of the interface that the UI was to implement.

Some of the key advantages of this pattern:
  • The actual logic of the application is self-contained so it can be easily unit-tested.  Code that is easier to unit test is easier to get right.
  • The data layer is self contained and can be unit tested.
  • You can implement a couple of different data layers supporting different back-end data stores.
  • The only code in the UI is just to display the properties on the interface and raise events in the logic layer from the UI.
The key advantage I see for my kind of stuff is that as far as the Presenter is concerned, there is no UI past the interface that it implements.  It would be trivial to replace the Windows forms app with an ASP.Net app that implemented it, or to have it feed a serviced component over remoting, or....

Saturday, June 24, 2006 2:33:38 PM (AUS Eastern Standard Time, UTC+10:00)
 Wednesday, June 21, 2006
Is it that time again?  Seems like only... last year???

Oh well, I'm registered - see you at Tech.Ed 2006 in Sydney.



Thanks Frank, for confirming that there is too much to read on the Aussie tech blogosphere.

Wednesday, June 21, 2006 12:04:24 AM (AUS Eastern Standard Time, UTC+10:00)
 Monday, June 19, 2006

Hypothetically...

Just say I have a folder full of images and Windows had generated a Thumbs.db in that folder, now I burn the whole folder (including the thumbs file) and give it to you.

What can you know about my PC (OS, hardware, anything) from the Thumbs.db file alone?

When I find out, I'll post the answer here, or feel free to leave a comment.
Monday, June 19, 2006 1:21:11 PM (AUS Eastern Standard Time, UTC+10:00)
 Friday, June 16, 2006

A week since my last blog post!  Here's a quick summary.

  • My head has been spinning at work.  Hit a busy period and I can't seem to work fast enough.
  • Sydney is starting to get C-O-L-D cold!
  • Gates is leaving Microsoft (later rather than sooner), Scoble is leaving Microsoft (I've been on the web site for half an hour and I still don't know what PodTech do)... would the last one to leave Redmond please turn out the lights? :)
  • The continuous integration thing is moving along.  Draco.Net, NAnt and NUnit all rock. 
    • Here's the trick for testing database code:  have your test setup put a transaction on the wire and have your test cleanup roll back the transaction.
    • I know I have only read the doc 8 times this week, but I think I'm starting to understand the DI pattern.
  • Microsoft renamed InfoCard to now be CardSpace.  WTF?  Still no cards?  Infocard is still a good idea - identity management is still very important but please guys drop the "cards" thing.  Not everyone follows WinFX developments up to the minute and you're starting to confuse people.  And I still don't have a satisfactory answer as to why we are doing this over protocols like HTTP and SMTP.  Why not another rev of these protocols to natively include identity, encryption and authentication, and then build identity management frameworks on top of them?
  • Neofiles has been doing my head in with talk of transhumanist singularities, cognitive liberty, liberation biology and nano-biotech.  For some reason I put my strongly skeptical BS-Filter on hold for this show and I am starting to think about these things.  I'm definitely not sold on some of these topics.  Maybe I'm just short on sleep.

Friday, June 16, 2006 5:29:24 PM (AUS Eastern Standard Time, UTC+10:00)
 Friday, June 09, 2006

In light of everyone talking about Australia's chance or otherwise in the soccerfootball world cup, I thought it was time to mention Ambrose Bierce's Devil's Dictionary on my blog.  His entry on Patriotism is as follows:

Patriotism, n
combustible rubbish ready to the torch of anyone ambitious to illuminate his name.

In Dr. Johnson's famous dictionary patriotism is defined as "the last refuge of a scoundrel."

With all due respect to an enlightened but inferior lexicographer I beg to submit that it is the first.

I enjoy the Devil's Dictionary sometimes because of the wit, and at other times because the cynicism expressed therein makes me feel like my own thoughts are a ray of sunshine.

Friday, June 09, 2006 3:04:47 PM (AUS Eastern Standard Time, UTC+10:00)
 Thursday, June 08, 2006
Been a while since the last security post, so while it's a blogging day...

I was catching up on PaulDotCom security weekly podcast and during a discussion about insecure protocols like Telnet "behind the firewall" I learned that the RDP ("Terminal Services") is vulnerable to Man in the Middle (MITM) attacks.  In fact they put RDP into the same group as Telnet!

I remember when I started allowing RDP into my home network I did some research into whether the encryption used by RDP is secure (which it is), but this vulnerability highlights that it is not enough and that it is exploitable by means of ARP Poison Routing to intercept your RDP session, including what you type at the login prompt.

Since RDP is a bit of a fact of life for me at the moment, applying some defense in depth is in order.  Some layers we could add:
  1. Tunnel the RDP connection over SSH.  I really like this one because it adds a layer of authentication to the session, not just encryption.   This addresses the root cause of the problem:  So long as the encryption remains in place, RDP does not care how the traffic gets there.
  2. Tunnel the RDP connection over SSH.  Yeah, but this time it is to allow us to close port 3389, thereby not advertising the availability of RDP on the host.
  3. IP Filtering & IPSec policy.  In my case I already have this in place for my off-site connections to only allow connections from known-good IP addresses.  This is equally valid for behind the firewall sessions.
  4. Certificates.  I'm a big fan of certificates as a factor to authentication.  I'll blog one day about using them to encrypt SQL Server's on-wire protocol.  Technet has a how-to that shows you how to set this up with Windows 2003 Server SP1 & Windows XP.
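
To decide which hosts still depend on the tunnel from layers 1 and 2, you can look at which security layer each server picks in its first reply. The sketch below is an added example, not code from this post: the byte layout and protocol values follow Microsoft's published RDP specification (MS-RDPBCGR), and the function names, host names and sample replies are constructed for illustration.

```python
import struct

# selectedProtocol values as published in Microsoft's RDP specification (MS-RDPBCGR).
LAYERS = {0: "standard-rdp", 1: "tls", 2: "credssp", 8: "credssp-ex"}

def build_request(requested=0x00000001):
    """X.224 Connection Request whose RDP_NEG_REQ asks the server for TLS."""
    neg = struct.pack("<BBHI", 0x01, 0x00, 8, requested)
    x224 = bytes([6 + len(neg), 0xE0, 0, 0, 0, 0, 0]) + neg
    return struct.pack(">BBH", 3, 0, 4 + len(x224)) + x224

def security_layer(confirm):
    """Name the security layer chosen in an X.224 Connection Confirm."""
    if len(confirm) < 11:
        raise ValueError("truncated Connection Confirm")
    version, _, length = struct.unpack(">BBH", confirm[:4])
    if version != 3 or length != len(confirm) or confirm[5] & 0xF0 != 0xD0:
        raise ValueError("not an X.224 Connection Confirm")
    neg = confirm[11:]
    if not neg:
        return "standard-rdp"      # no negotiation data: legacy RDP encryption only
    if len(neg) != 8:
        raise ValueError("malformed negotiation block")
    kind, _flags, _size, value = struct.unpack("<BBHI", neg)
    if kind == 0x03:               # RDP_NEG_FAILURE: value is a failure code
        return "negotiation-failed"
    if kind != 0x02:               # anything other than RDP_NEG_RSP
        raise ValueError("unknown negotiation type")
    return LAYERS.get(value, "unknown")

def hosts_needing_tunnel(confirms):
    """Hosts whose reply shows no TLS-based layer, so no certificate to verify."""
    weak = {"standard-rdp", "negotiation-failed", "unknown"}
    return sorted(h for h, c in confirms.items() if security_layer(c) in weak)

# Constructed sample replies (hypothetical hosts, not captured traffic).
CC = bytes([0x0E, 0xD0, 0x00, 0x00, 0x12, 0x34, 0x00])
SAMPLES = {
    "legacy-box": bytes.fromhex("0300000b06d00000123400"),
    "tls-box": b"\x03\x00\x00\x13" + CC + struct.pack("<BBHI", 2, 0, 8, 1),
    "refusing-box": b"\x03\x00\x00\x13" + CC + struct.pack("<BBHI", 3, 0, 8, 2),
}

if __name__ == "__main__":
    print(hosts_needing_tunnel(SAMPLES))
```

A reply of "tls" only means the server offers a certificate; the client still has to validate it for layer 4 to be worth anything.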

Thursday, June 08, 2006 11:37:50 PM (AUS Eastern Standard Time, UTC+10:00)
...well, maybe not.  :)

More accurately I love a good keyboard and all the keyboards I want I can't afford.

At home I use the Logitech S 510 cordless desktop + media remote.  At AUD$179 it is a serious commitment to your desktop but I spend more than a healthy amount of my waking hours at a PC of one kind or the next so it is worth making it comfortable.  In summary I can't recommend this keyboard highly enough.

At the other end of the scale is the Dell SK-8115 that came with my new hugely expensive powerhouse PC here at work.  Some people like them but they are cheap and flimsy and move when you type.  Also the little legs that raise it up keep flipping down on me.  Dell, if we spend $5K on a PC, please don't send me a $20 keyboard!

Here's a list of what's hot in keyboards:

Leader in the "Great concept" category is the Data Hands but at USD$500 - just no.

Along the same path and a little closer to earth is the Frog Pad.  It's based on the concept that the highest-frequency occurring keys are easiest to strike.  The next least used 15 keys are "under" the first with one shift. The rest are both shifts under the first.  Starting at USD$130 they are closer to reality.

Alpha Grip AG5 looks like a gaming controller but is actually a QWERTY layout keyboard with a trackball.  I worry that I'd blow my USD$99 for one and then not be able to retrain my fragile brain to use it!

Now, this is the absolute king:  The Optimus.  Not available until the end of '06.  Note that each key is a software-controlled OLED that has customizable pictures.

Thursday, June 08, 2006 1:00:17 PM (AUS Eastern Standard Time, UTC+10:00)
 Thursday, June 01, 2006
I've set up a Continuous Integration server called Draco.Net on my desktop box (for the moment) here at work.  Setup was really easy after one minor hitch that I would have worked out eventually :)

---------------------- Done ----------------------
Build: 9 succeeded, 0 failed, 1 skipped

So what's next? Setting up NAnt for building, unit testing with NUnit, and it looks like you can add FxCop analysis to the build too.  Yay.  Oh, and also getting an RSS feed out of Draco would be nice!

Is all this worth it?  Time will tell.

Thursday, June 01, 2006 9:44:41 AM (AUS Eastern Standard Time, UTC+10:00)