Why Developers Hate Security

Published 10/15/2008 by Brian

I'm working on my 70-536 (Application Development Foundation) certification right now, and yesterday I was schlogging through the multiple chapters on different types of security.  (And by the way does anyone actually use Code Access Security? Bleh.)  It occurred to me as I was reading why I didn't like dealing with security-related issues.  

As a developer, my primary goal is to make software that is useful to people.  Nothing makes me happier than when someone enjoys using something that I built.  When I do things to expressly prevent people from using my stuff, I feel like I'm working directly against that motivation.  I think a lot of developers probably feel the same way, and that may be why security has a reputation as being unpleasant to work on.  

 Consequently, it ends up getting pushed to the end of a project, or even ignored entirely.  Unfortunately, I can't think of a way to make this more enjoyable.  But hey, some people hate all aspects of their jobs, so I feel lucky that I really enjoy most of the things I get to do in mine.


Repaving Sucks

Published 10/11/2008 by Brian in Windows

During the LSU-Florida game this evening, right around the time it became apparent that the Tigers were not going to come from behind and win as seems to be their preferred way of doing things, my laptop froze up.  I was working on a new website for the Shreveport .NET User Group using the new MVC framework (plus Dynamic Data for CRUD operations), and I was testing on my local machine with Chrome, and when I tried to open a new tab at one point, everything screeched to a halt.

"No problem," I thought.  "This has happened before."  I am a Windows user, after all. ;-)  So I forced a hard shutdown, and booted back up.  After I logged on, everything seemed to start up fine, but when I clicked on a link in my quick launch, everything froze up again.  After I repeated this process several times with the same results, I acknowledged that there might be something genuinely wrong here.  Booting up in Safe Mode, I tried doing a chkdsk, then a System Restore.  Neither seemed to fix the problem. 

I was beginning to suspect a hardware problem (which there might actually yet be, the jury's still out), but I did notice that things seemed to work fine in Safe Mode.  "Well," I thought, "things were starting to feel a little cluttered anyway."  So, I bit the bullet and copied Rachel's and my User directories to an external hard drive and began the repave.

As I sit and watch the Windows install screen, I pray to the Hardware gods that they might be merciful to me and my laptop, and that all my trials may be Software Related.  Please join me in my supplication.


We're finally off the ground!  On Monday August 18th, the Shreveport .NET User Group held its first meeting in the science lecture auditorium at Centenary College.  We had 26 people in attendance, and Chris Koenig, developer evangelist from Microsoft, gave a great presentation on Silverlight 2.0.  I thought he struck a good balance between high-level feature descriptions and technical detail.  (I think the feedback forms bore this out; the few suggestions for Chris were about half "too detailed" and half "more detail.")  :-)

The projector situation kind of made me sweat for a bit.  The one in the room hadn't been working, and I couldn't get the spare one I brought to work right.  Fortunately, the AV crew at Centenary was there about an hour before the meeting, and had the projector working by the time they left (about 15 minutes before people started showing up).  Other than that, there weren't any logistical difficulties to speak of.

Chris also gave us some great stuff from Microsoft for door prizes at the next few meetings, including licenses for Visual Studio, Office, and Vista Ultimate, so we'll have some pretty high-dollar stuff to give away.  In addition, we've got some books coming from Microsoft Press and O'Reilly. 

In retrospect, getting swag from software vendors was just about the easiest part of the process, and finding a good (read: "free") location turned out to be the hardest part.  What I really need to work on, though, is delegating some of the administrative tasks to other people.  Chad Morgan and Chris Benard both helped out a lot with making this thing happen, but I probably should have recruited more help.  On Chris Koenig's advice, we may institute specific roles for people who want to be involved with leading the group.  Someone to handle swag, someone to coordinate with the venue, someone to find local sponsors so we can continue to have pizza, etc.

 All in all, I think it went pretty well, and we've at least got a start at increasing the level of involvement of local .NET developers in the programming community.


Weird RSS-ness

Published 8/13/2008 by Brian

Not sure what's going on, but I've been experiencing some weirdness with my RSS feed since I switched to BlogEngine.net.  Just yesterday, I was notified that I had two new blog posts.  This piqued my curiosity, since I could not remember posting anything.  Perhaps my evil twin?  Well, it turns out that the "new" posts were actually old posts.  And they weren't even the two most recent posts.  I think I may have to take this up with the BE.net team.  Has anyone else using BE.net experienced this? 

Sorry for cluttering up your RSS aggregators, hopefully I'll get this addressed soon.


ASP.NET MVC Reusability Revisited

Published 7/18/2008 by Brian

A few weeks ago, I wrote a post about the lack of a mechanism to separate a unit of both logic and presentation (like a UserControl in WebForms) in ASP.NET MVC.  Well, it turns out that Rob Conery had actually come up with something called a ComponentController that took care of that, and used it in his MVC Storefront application.  (Note to self: need to catch up on those videos he's making.) 

It actually took the removal of that feature in Preview 4 to alert me that it existed.  Not to fear, though, it's been replaced by something called RenderAction, which will allow you to call a regular old controller action from a view like so:

<% Html.RenderAction<MyController>(x=>x.MyControllerAction()); %>

 

Isn't that awesome?  I sure think so.  Be warned, though, this particular feature may be even more likely to be changed than the rest of the MVC framework.  It's part of a separate assembly called Microsoft.Web.Mvc.dll.  Stuff in there won't be in the initial RTM, but in a future release of the framework. 

Phil Haack has some reservations about this violating the purity of the MVC pattern, so I think the likelihood that this will change is close to 100%.  They're working on some other ideas, though, so hopefully the MVC team will come up with some magic that better adheres to a mindset of separation of concerns. 

For the moment, though, I'm happy!  :-)


How I Got Started in Programming

Published 7/13/2008 by Brian

I haven't really been tagged, per se, but enough of my blogroll has participated in this meme, so I thought I'd weigh in.

 

How old were you when you started programming?

     I was about 10, I think.  Read on for the details...

 

How did you get started in programming?

     A year or two after my dad bought us an Apple IIgs, I pulled out the BASIC book that came with the computer.  As many people did, I just started typing in the programs listed in the book.  Not everything worked on the first try, I would usually make a typo or two as I transcribed the code.  When I got to the checkbook balancing program, I tried for days to get it to work correctly, but failed.  I got so frustrated that I just put the book down and never picked it up again.  It turns out that I wouldn't program again until I got to college.  The enjoyment I got out of the programs that I did get to work stayed with me, though.  Enough that I knew by the time I graduated from high school that I wanted to major in computer science.

 

What was your first language?

     This seems to be just about the same for every person who answers this question:  some flavor of BASIC.  I have to say though, I think C++ (the first language I coded in at college) had more influence on the way I think about programming.  Maybe that's why I chafed at having to use VB at my previous workplace;  C# just seems more natural.  I need them curly braces!  :-)

 

What was the first real program that you wrote?

     I'm not exactly sure what "real" means in this case.  I'll take it to mean, "having some actual value outside of academic exercise," in which case the first one would have to be my senior capstone project, Shticks.  At Harding, every semester the participating seniors are split into teams and given a board game to turn into a computer game.  Our semester, it was a game called Creeper, published by Out of the Box Games.  (You may know them as the publisher of Apples to Apples.)  We used a Flash control hosted in a C# WinForm.  The game engine, AI, networking, etc. were coded in C#, and the animations and presentation logic in ActionScript.  (Yeah, I know, yikes.)

 

What languages have you used since you started programming?

     I feel I need to distinguish languages I only used in college from languages I've used in real-world projects.  In college only:  C++, Perl, Java, x86 Assembly.  Real-world:  C#, VB.NET, JavaScript, COBOL, VBScript, PHP, and currently learning Ruby to help out my church with a Rails-based church management system. 

 

What was your first professional programming gig?

     I got my first programming job right out of college, at a company called Data-Tronics, the in-house IT shop for Arkansas Best Freight.  I did lots of mainframe COBOL, quite a bit of classic ASP, and some VB.NET, all related to the transportation industry.  I worked there until about two months ago, with some of the nicest people I've ever met.

 

If you knew what you know now, would you have started programming?

     Absolutely!  I think that I wouldn't have taken the break between 10 and 18.  I also wouldn't have waited as long to really tune in to the programming community, which I only did about a year and a half ago.  Before that it was just kind of a job.  One that I enjoyed, more or less, but not one that I was truly passionate about.  I have to credit Dot Net Rocks, Hanselminutes, and Jeff Atwood of codinghorror.com for being my gateway drugs, showing me that building software was something that I truly could be passionate about.

 

If there was one thing you learned along the way that you would tell new developers, what would it be?

     Plug in to the community.  Read blogs, listen to podcasts, go to user group meetings, start your own blog.  You can get so much more out of software development than just a paycheck if you're willing to put in just a small bit of extra effort.

 

What's the most fun you've ever had... programming?

     I have to say, making that game in college was a blast.  It was my first taste of building something of substantial size and something that other people could (theoretically) use.  Plus, making games is just fun anyway.  :-)

 

Tag, you're it!

     I've enjoyed hearing other people's stories, so I think I ought to keep this going.  I'm going to call out:


Shreveport .NET User Group

Published 7/4/2008 by Brian

Most of the people who read my blog know this already, but I'm in the process of starting up a .NET user group in the Shreveport/Bossier City area.  The group in Fort Smith got started just a couple months before I left, but it was something that I really enjoyed and felt had real value for developers interested in improving their craft.  When I got to Louisiana, I was surprised to find out that a city the size of Shreveport didn't have a user group already, so I thought it was about time we did.

I got some great advice from Michael Paladino, the leader of the group in Fort Smith about sponsorships, delegating leadership, and related organizational matters.  Getting swag was actually a lot easier than I expected it to be.  Every single vendor I contacted offered to give us something.  One of the first component vendors I contacted, Telerik, offered to give us a license to their CMS package Sitefinity, as well as free hosting through a partnership with DiscountASP.net.  You can find the site at www.shreveportdnug.org.  It's kind of bare-bones right now, I apologize.  It'll fill out as we nail more things down logistics-wise.

The hardest part, which I still haven't figured out yet, is finding free space to meet.  Most of the businesses that employ .NET developers in the Shreveport area rent office space from the large buildings downtown, so parking and difficult after-hours access make those a no-go.  I tried a couple of local universities, but the facilities they could provide would only hold around 30 people max.  Not exactly a limitation I'm comfortable with.  We've got one more school to try, but I have a bit of an inside track there because the son of the university president works for my current employer.  That means that I'm not the one in charge of calling the appropriate people, but I'm not sure it's a very big priority for the son.  I need to ping him about it again on Monday.  There's one facility at one of the schools that sounds perfect, but it's $120 per use of the room, and I'd like to keep the amount we have to get from sponsors to a minimum.  If anyone else has some suggestions about where to look for space, please leave a comment!

I'll continue to post about this as we get closer to holding our first meeting.  Wish us luck!


Switching to BlogEngine.NET

Published 6/21/2008 by Brian

You may have noticed that things look a little different around here.  I finally got fed up with the themes in dasBlog.  The CSS in many of them was just plain bad, with fields overlapping each other and content scrolling off the screen when it shouldn't.  I know theming seems like kind of a small thing to switch blog engines over, but really, the look and feel of your website can say a lot about your professionalism, so I felt it was worth it to find something I was happy with.

I looked at several different engines before deciding on BlogEngine.NET.  WordPress is very popular, and can be made to look very nice, but my site is hosted on Windows, and from what I read WordPress needs to run on Linux.  I also looked at GraffitiCMS, which was very nice, and much easier to set up than other CMSes I've worked with before.  Although blogging is possible with it, it seems a little more general-purpose than I was looking for. 

I watched a how-to video on setting up BlogEngine.NET, and it looked fairly lightweight and easy to set up. I also liked the variety of acceptably clean-looking themes.  The clincher for me though, was this post by Merill Fernando talking about exporting his dasBlog setup to blogML and being able to import it right into BlogEngine.NET.  He even wrote a nice little GUI front-end to handle the export from dasBlog.  The whole process was pretty painless, and I didn't lose my old posts.

I also picked up the nice DarkBlog theme created by Ruslan Tur, but changed the stylesheets to use blue text instead of green.  I'm pretty happy with the result, and I'd recommend BlogEngine.NET to anyone looking for an engine.  Your thoughts on the change are welcome!


Just a quick note here.  I was playing around with ASP.NET MVC today, and I got to thinking, how does one encapsulate both behavior and markup (a la UserControls in WebForms) when using MVC?  Well, there's a thing called a ViewUserControl that you can use in your ViewPages, but all that really does is encapsulate the markup and rendering.  You'd use them like this:

MyViewUserControl.ascx

<ul>

<% foreach(Sponsor s in (Sponsor[])ViewData["Sponsors"]) { %>      

<li><%= s.Name %></li>   

<% } %>

</ul> 

And then you would call it from the ViewPage:

MyViewPage.aspx

<% this.RenderUserControl("~/views/shared/MyViewUserControl.ascx") %>

If you use a typed ViewUserControl, you can feed the object to the RenderUserControl method as an additional parameter rather than going to the ViewData collection, but that's not what gets to me.

The controller that renders MyViewPage.aspx is still responsible for retrieving all the data that MyViewUserControl.ascx uses. So, everywhere that I want to display that list of sponsors, I have to remember to write the code to go get it. That's not really reuse, is it?

There was a comment on Rob Conery's blog back in January that I ran across that suggested something like this:

<mvc:Call Controller="Sponsors" Action="Show" />

That way, there can be one controller that's responsible for pulling that Sponsor data from the data access layer.  I'm not sure if this is possible; I'm not familiar enough with the way MVC works to know if a second (or third, or nth) controller can be created and called once the main controller has started rendering MyViewPage.  From an end-user perspective, something like that would be great, since it would let us truly encapsulate every aspect of what that ViewUserControl is about.  Here's hoping! 


Sprocs? Really?

Published 6/10/2008 by Brian

I've been studying for my first SQL Server certification (70-431, if you're curious).  I read the chapter today on "Implementing Stored Procedures."  As I was reading, the following passage got my attention:

The permission delegation possible with stored procedures provides a powerful security mechanism within SQL Server.  If all data access - insertions, deletions, updates, or selects - were performed through stored procedures, users could not directly access any table in the database.  Only by executing the stored procedures would users be able to perform the actions necessary to manage the database.  And although users would have the permissions delegated through the stored procedures, they would still be bound to the code within the stored procedure...

How is this in any way desirable?  Who are you actually trying to keep the real data away from?  The only answer that is obvious to me is developers.  The author seems to be describing some personal utopia, where no childish developers could destroy what the mighty DBA hath wrought. 

He says in an earlier section, "Even more important, stored procedures hide the structure of a database from a user..."  Hide the structure of the database?  Again, why?  How could developers make informed decisions about creating data access layers if they don't even know what tables the data is on?

The author also says that using stored procedures lets you "...isolate database code for easy maintenance instead of requiring you to find hard-coded SQL statements throughout an application if you need to make changes."  A worthy goal, certainly, but is the answer really to put the executable code in the database?  I would think that a well-crafted data access layer would do a much better job of this.  Conventional languages offer much more flexible language environments, and code changes are tracked by source control.  You can put stored procedure definitions in source control, but it's in no way integrated into SQL Server.  It's basically the same developer experience as checking in some unrelated text file to some arbitrary directory in your tree, which has no real bearing on what's actually running in the DB at the moment.

I've heard people talk about the database-centered approach espoused by MS, but this really makes it clear.  It's as if the author feels that the best application would be one with as little application code as possible, basically a thin veneer over a relational database.  Since I've worked for the first three years of my career in a shop that used DB2 (with absolutely no stored procedures), I guess I haven't even been offered this particular flavor of Microsoft Kool-Aid until now.  If this has been the Redmond gospel for a while, I can see why using OR mappers must feel like such a breath of fresh air to some people. 

For what it's worth, I'm planning on using ASP.NET MVC with Castle's ActiveRecord for my next pet project, a little site I'm putting together for my mom's fiancee.  I'll be sure to record my impressions of that story.
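The permission delegation that the quoted passage describes, shown as an added T-SQL example (not from the book or from the original post).  The table, procedure and user names are constructed for illustration, and the script assumes SQL Server 2005 or later and a scratch database.

```sql
-- Constructed sample objects: dbo.Sponsors, dbo.GetSponsorsByCity, app_user.
CREATE TABLE dbo.Sponsors (
    SponsorId INT IDENTITY PRIMARY KEY,
    Name      NVARCHAR(100) NOT NULL,
    City      NVARCHAR(100) NOT NULL
);
GO

INSERT INTO dbo.Sponsors (Name, City) VALUES (N'Example Vendor', N'Shreveport');
INSERT INTO dbo.Sponsors (Name, City) VALUES (N'Sample Press',   N'Fort Smith');
GO

-- The only sanctioned read path: a parameterized query with a fixed column list.
CREATE PROCEDURE dbo.GetSponsorsByCity
    @City NVARCHAR(100)
AS
BEGIN
    SET NOCOUNT ON;
    SELECT SponsorId, Name
    FROM dbo.Sponsors
    WHERE City = @City;
END;
GO

-- A database user that holds no table permissions at all,
-- only EXECUTE on the one procedure.
CREATE USER app_user WITHOUT LOGIN;
GRANT EXECUTE ON OBJECT::dbo.GetSponsorsByCity TO app_user;
GO

-- Check the effective permissions from the user's point of view.
EXECUTE AS USER = 'app_user';

    SELECT
        HAS_PERMS_BY_NAME('dbo.Sponsors', 'OBJECT', 'SELECT')
            AS can_select_table,      -- 0: no direct access to the table
        HAS_PERMS_BY_NAME('dbo.GetSponsorsByCity', 'OBJECT', 'EXECUTE')
            AS can_execute_proc;      -- 1: the procedure is callable

    -- Returns the Shreveport row even though app_user cannot SELECT from
    -- dbo.Sponsors: table and procedure share an owner, so SQL Server
    -- skips the permission check on the table (ownership chaining).
    EXEC dbo.GetSponsorsByCity @City = N'Shreveport';

REVERT;
GO

-- Clean up the scratch objects.
DROP USER app_user;
DROP PROCEDURE dbo.GetSponsorsByCity;
DROP TABLE dbo.Sponsors;
GO
```

Ownership chaining applies here only because the procedure and the table have the same owner, and it does not extend to dynamic SQL executed inside a procedure, which is checked against the caller's own permissions.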


Brian Sullivan

From one geek to another...