Automating Quality Code with FXCop

FXCop is a tool that can analyze .NET manage code for conformance to design guidelines and your own custom rules. I recently found a great document that explicitly outlines how to create you own custom rules from Jason Kresowaty. Some possible custom rules I am considering include:

Security Rules

• SQL Injection
• Session Hijacking
• Cross Site Scripting
• Sensitive Data in Query String
• Sensitive Data in Form Fields
• Sensitive Data in ViewState

Performance Checks

• YSlow Suggestions
• Company Specific Rules
• Using Common Logging

And More

Preventing Groupthink

I’ve been looking into the idea of Groupthink and found a nice list on preventing it.

From Wikipedia:

1. Leaders should assign each member the role of “critical evaluator”. This allows each member to freely air objections and doubts.
2. Higher-ups should not express an opinion when assigning a task to a group.
3. The organization should set up several independent groups, working on the same problem.
4. All effective alternatives should be examined.
5. Each member should discuss the group's ideas with trusted people outside of the group.
6. The group should invite outside experts into meetings. Group members should be allowed to discuss with and question the outside experts.
7. At least one group member should be assigned the role of Devil's advocate. This should be a different person for each meeting.

Json Serialization

I've been having fun trying to implement an idea I have. Part of the idea involves caching objects to memcached in Json format. The idea being that the object saved to memcached wouldn't be bound to .Net specific methodology.

What's out There

At first I looked into creating a Custom Formatter that would serialize my object for me. That seemed like an overkill so I searched for a faster and prepackaged library. After poking around to see what Json serializers were on the market, I found Json.NET.

At first this looked like a possible solution. Then I ran the Test Scripts on the Project and found a PerformanceTests test. This test script had timings for three different types of serializers. So my options were:

• Roll my own with a Custom formatter
• Json.NET.
• JavaScriptSerializer
• DataContractJsonSerializer

Performance

I changed the Json.Net Performance tests to serialize and deserialize 1000 times. The JavaScriptSerializer was the fastest during the tests.

Serializer	Time
JsonNet	203 ms
JavaScriptSerializer	95 ms
DataContractJsonSerializer	842 ms

Strangeness

One of the bad things I saw happen is how the DataContractJsonSerializer tried to serialize the private methods of the class. So I thought I would try to force it to use the properties of the class by not defining a backing variable.

public string Name { get; set; }

What to my surprise when I saw the following in the Json output:

"<Name>k__BackingField":"Rick"

Weird.

First Impressions of Google App Engine

So I thought I would try to see what Google App Engine is all about. My main goal is to learn python a little better and also try to get a better understanding of how to build applications that can

• Handle a lot of load
• Be distributed
• Have Standard Data access

Installing

I'm a .Net developer on a Windows machine and really don't have a lot of Linux/Python experience. I know I'm not alone so I am going to track my experience using GAE to build my car maintenance application know as Motozio.

I'm following the Google Getting started guide which is the following

• Download and install Python 2.5
• Download and install GAE

Coding

Installation is a breeze. The two python files for the hello world program are pretty straight forward too.

Trouble hit when I tried to test my application. I really didn't know how to call the script but I figured it out.

My application folder structure looks like this

c:\dev\helloworld\
c:\dev\helloworld\helloworld.py
c:\dev\helloworld\app.yaml

Running

I had to open a command prompt and type:

C:\dev>dev_appserver.py helloworld

Notice that the path to google_appengine, where the dev_appserver.py script resides, is already in the system path. The script dev_appserver wants the path to the application. Which is the helloworld directory.

Once I got that figure out. Bam! My helloworld was up and running at http://localhost:8080

I'm always impressed with out of the box examples of hello world. I really liked the ruby on rails example. And I am just as impressed with App Engine so far. Of course it doesn't take much to impress me.

Typing is Fun

I've been reading about other developers taking typing test to see where they are. I thought I would jump in the game and post my results. I fit within the average typing speed between 50-70 wpm. Nothing to brag about. Although I did get a perfect score. Yes!

AjaxWorld - Day 3

This last day started off being able to sleep in, but it quickly went downhill when the promised breakfast arrived 45min late. Nevertheless, I did glean a few bits of good information, and only had to walk out of a few sessions. I don't want to sound like a jerk, but some of the content of the sessions was more like an infomercial than a learning environment. Enough of my rant, on to the tidbits.

Social Networks as a Tool

We use social networks everyday to accomplish our jobs. How can we utilize the power of social networks in an computerized environment. Look at your job through the eyes of a social network. In other words, what pieces of information do individual's own.

Social networks can help me as a software developer produce higher quality of code.

• How: Create tools that utilize the group. For instance, FxCop can produce a list of broken rules when it runs. These broken rules can be placed into a central repository. Then the entire group can access the rules and fix the code. The trick is to make it easy to select a rule, get the code, and make the fix. Bam. Almost like ants doing a little bit of work to get a big job done.
• Groups are nodes. Treat group on the graph just like a regular node. It will have its own resources and connections and events. Groups can be used to manage projects
• See Ning.

JQuery - Modular Code

A few people got their feelings hurt when Yehuda Katz changed his presentation from an introduction to JQuery to a more advanced talk on how to write modular code with JQuery. I enjoyed the talk albeit Yehuda rushed through the talk due to his 15 minute tardiness.

• Use the Addon .listener, .intercept to bind events.
• Bind to a higher element than lots of lower elements
• Use Event Messaging
• Think in High Level Events. Instead of e.keycode == 38 do .trigger('uparrow_clicked')
• See LiveQuery. This allows you to bind events to all DIV even if they are not on the page yet. Useful for dynamic text via a widget
• See

Become a good Presenter

Walking away from this conference it was easy to spot the great presenters from the lousy ones. Great presenters do the following:

• Prepare quality Content
• Format a clean unique presentation
• Know the audience
• Don't repeat the exact same general information someone else already covered.
• Have quality content
• Don't be an infomercial

The lousy presenters did basically the opposite

• Show no emotion
• Mumble
• Appear as though you just saw the content
• Put lots of text on each slide
• Have misleading presentation titles in attempts to lure unsuspecting attendees
• Have poor content

That's about it. I'm about to get on the plane and leave beautiful San Jose and look forward to putting to practice the real gems of the conference.

AjaxWorld - Day 2

Another day and a little more information. This day had a couple of outstanding presentations. The first was by Kevin Lynch the CTO of Adobe. What a great presenter. The other was Douglas Crockford's survey of JavaScript.

General Tips and Tricks

JsLink to validate JavaScript

Yui Compressor for css/JavaScript minification

OpenAjax gives ajax guidelines

Use the # to maintain state within your app.

Push Data to the Cloud

Because users are starting to access the web through multiple devices, there is a need to modify your application to run in the different contexts. Kevin Lynch showed a music library application that accessed his person music through the computer, phone, and Wii.

Manage Large Data

Charles Kendrick had a lot of good ideas on how to sort and filter high volume dataset. The idea is similar to chunking data. When a sort needs to happen, push the sort back to the DB if the record count is larger than the client page limit.

Complete Server side Solutions

This section comprised three different sessions. These included Java Server Face, Google's GWT, and finally jMaki. The general idea is developers will use tools to create pages that can call back to the server. Karthik Shyamsunder showed how GWT will actually compile down the Java into JavaScript and also merge all images into a single image. The script created is specific for the browser and version.

One technique to do partial rendering of pages is to keep track of the DOM tree and perform a Diff between the two DOMs. Then send down the Diff file to have the client update the parts that need to be updated. Very clever.

Use a publish subscribe bus on the client for inter-component communication.

JavaScript the Good Parts

This was by far the most informational session. Douglas Crockford presented the ideas found in his book JavaScript: The Good Parts. In it, he showed how different he === and == operators are and how important it is to use the === all the time. He recommended using JsLint to verify your JavaScript to ensure you are following the best practices he found.

Variable User Experience

Mark Meeker from Obitz showed how they created their application to down grade gracefully. They first develop the page to work with POSH. Then depending on the user's browser, you can enhance the user experience by hiding detail with JavaScript and CSS. They also use build test to enforce their development standards. They make use of a composite view design. This is where you create many small controls that show specific data and have specific behavior. These controls are then assembled together onto a single page.

Next Steps

I think I would like to try writing an application in both GWT and Silverlight. I like the idea of being able to publish a single application have have it live on the network edge through a CDN. For now though, my apps will be widgets and JavaScript based.

AjaxWorld - Day 1

First day over and I think the overall assessment is not too bad. The sessions started pretty early at 7:30 and went all the way till 8:00pm. That's ok if all the sessions had been stellar, but I would say they were only ok.

The day started off with Scott Guthrie showing off some Silverlight and MVC. Some of the talk highlights were:

• The more api's the better. As more companies and application standardize and expose api's, the easier it is to consume those data and create mashups.
• Business's need to think about multiple channels of delivering content. Users access the web via browsers, TVs, gaming consoles, their phones, and soon much more.

The rest of the sessions seemed to all blend into one. I'll try to take better notes on day two, but this is what I captured for the rest of the day,. Right away Dave Meeker said don't reinvent the wheel for social networks. Use third party frameworks and tools. OK. Now on to the big ideas that stood out.

Use 3D design

This means the z dimension on the page and also changing the size of elements according to their relevance. The examples I can think of is the office tool bar and the ITunes Music slider control. The control where on the edge of the screen the images seemed to be filed and stacked close together, but the center image is large and full. The idea is to put the most important content front and center, and push the rest to the sides.

Ajax Push / Comet.

Where have I been? I was blown away by this idea of the server being able to update content on the client. Ajax Push makes a lot of sense if you have many clients that are sharing a common resource that can change frequently. Ideas are, collaborative documents,  messaging, and alerts.

Open Ajax

I was really excited about Open Ajax Alliance. This is a group that is attempting to create some standards around Ajax. The ideas that stood out to me were the OpenAjax Metadata Specification. This document goes about defining the term Widgets and Ajax api's. This is a great idea because now toolkits can be created that can read the information. Enterprise should focus on SOA widget end services. Most excitedly is they have a preview tool for widgets, although I forgot where. Widgets become valuable when they can talk to one another. I'm just not entirely sure how they do this.

Use Fiddler with .Net Application

I often need to watch communication between a web service and my application. The best way I've found is to configure my app to use Fiddler as a proxy between my application and the web service. Once configured, I can watch the traffic. The simple step that I keep forgetting is the entry in the Web.Config file.

Get Fiddler Settings

Open Fiddler and click on Tools -> Fiddler Options. The Fiddler Options window will pop up and take note of Listen Port number under Proxy Settings. In this case the value is 8888.

 

Update Web.Config

Open your Web.Config file and add the entry. Make sure the port on the address matches the one defined in Fiddler.

<system.net>

  <defaultProxy>

    <proxy  proxyaddress="http://127.0.0.1:8888" />      

  </defaultProxy>

</system.net>

Other web refrenced talk about setting other attributes on the proxy element, but don't These seem to make it fail. Just the simple solution from Rick Strahl will make it work.