Wednesday, October 26

Getting It

Andrew Anderson blogs on Web 2.0, and suggests that what the term really comes down to is whether the developer "gets it". He gives the example of Flickr as an application that "gets it".
I think there are three factors in whether an application "gets it":
  • Is it easy to get started with (Flickr does not have a complex account creation process)?
  • Does it reflect how people do things in the real world, rather than trying to change them to your way of working (Flickr reflects people's desire to share photos)?
  • Does it make people more efficient in the way they do things (Flickr allows photos to be tagged, so they can be searched easily)?

Sunday, October 23

Web 2.0

I've heard the term "Web 2.0" a lot recently, but there isn't much agreement on what it means exactly. Tim O'Reilly provides one description.

Most people seem to think it means a web site will access a combination of services from different providers (web services, RSS feeds - the exact technology does not matter), and apply a presentation provided by someone else, rather than being one complete entity written by one organisation. An organisation that specialises in a narrow area is more likely to provide such a service well than a general web site company.
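
As a rough illustration of how little code the consuming side needs, here is a minimal C# sketch that reads the item titles from an RSS feed (the feed URL is a made-up example):

using System;
using System.Xml;

class FeedReader
{
    static void Main()
    {
        // Load an RSS feed published by another provider (hypothetical URL).
        XmlDocument feed = new XmlDocument();
        feed.Load("http://example.com/news/rss.xml");

        // Each RSS item sits under /rss/channel/item.
        foreach (XmlNode item in feed.SelectNodes("/rss/channel/item"))
        {
            // Print the title of each item; the presentation is up to us.
            Console.WriteLine(item.SelectSingleNode("title").InnerText);
        }
    }
}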

However, involving more organisations will cause difficulties, both political, where everyone has to work in the interests of the organisation they work for rather than the web site as a whole, and technical, where everyone is used to different technologies and ways of using them, and is reluctant to adapt. Industry standards, such as RSS, will reduce the technical difficulties, but there will always be some, and the political difficulties will remain.

This makes any Web 2.0 development a risky strategy, unless you can either develop a good relationship with the service provider, in which everyone works towards common goals, or use interchangeable service providers, so that if one doesn't work out you can change to another at minimal cost.

Developer Developer Developer 2

I went to another good developer day yesterday. All the sessions were really useful, and I learned a lot that I could use immediately as well as things to take away and research later.

The day started with Kalen Delaney talking about the index enhancements in SQL Server 2005. Kalen explained the new functions and views that show how indexes are being used in SQL Server 2005, and how much easier it is to get a big picture of which should be there and which should not. Many large databases have far too many indexes, and it is time consuming to ascertain which are being used in execution plans. She then explained how indexes can be created in 2005 while the database is online, without the need to lock tables. Covering indexes came next, including the concept of “Included Columns”, which get around the 900-byte limit on index keys and will mean that many more queries need never touch the underlying data. Finally, Kalen mentioned that indexes can now be used in execution plans even where the characters being searched on are not the first characters in the index.
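
As a sketch of what an included-column index looks like (the Orders table and its columns are my invention, not an example from the talk): the key column counts towards the 900-byte limit, the included columns are stored only at the leaf level and do not, and a query on CustomerId that selects only the included columns can be answered entirely from the index.

using System.Data.SqlClient;

class IndexDemo
{
    static void Main()
    {
        using (SqlConnection conn = new SqlConnection(
            "Data Source=.;Initial Catalog=Sales;Integrated Security=SSPI"))
        {
            conn.Open();
            // CustomerId is the index key; OrderDate and TotalDue are stored
            // at the leaf level only, so a query selecting them by CustomerId
            // never needs to touch the underlying table.
            SqlCommand cmd = new SqlCommand(
                "CREATE NONCLUSTERED INDEX IX_Orders_CustomerId " +
                "ON dbo.Orders (CustomerId) " +
                "INCLUDE (OrderDate, TotalDue)", conn);
            cmd.ExecuteNonQuery();
        }
    }
}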

The next talk I went to was by Annie Matthewman on Domain Specific Languages. I have always believed in the importance of code reuse, and Annie explained the reuse maturity curve, where reusable components tend to become “owned” by a different part of an organisation and difficult to change. If reusable components are implemented as a DSL, they can still allow enough flexibility for users to tailor them to their own purposes.
Unfortunately, the technology looked complex to use in its current beta form, although my opinion will probably change when I download the betas and try to create a language and write an application in it. It will be interesting to see who uses these.
Perhaps consultancies familiar with particular areas of business could develop languages for their customers, although this will depend on enough customers being willing to migrate to Visual Studio 2005.

Before lunch, I went to Brian Long’s talk on reverse engineering as a way of getting to know .NET better. I haven’t really looked closely at the code the compiler generates for a number of years now; with modern PCs, it’s been some time since I’ve had to manually optimise any assembly language (now, of course, IL). With IL, though, decompiling gives you something a lot closer to the original source than with earlier languages, so you can decompile the .NET CLI to understand it. Often a better method is to download the Shared Source CLI (Rotor), which is internally very similar in most cases, so even if you are using the .NET CLI, it is likely to explain how functions work internally.

After lunch, I went to Mike Roberts’ talk on .NET development trees. The session started with small-group discussions of the kinds of difficulties we had had that prevented new members of a development team from writing code productively straight away. Mike recommended putting all libraries into source control, and discussed various techniques for version controlling a database schema. Most of the ideas seemed sensible, and I’ve been trying to adopt most of these practices in my own work for some time. The difficulty is in getting everyone to follow them, especially on projects with many temporary and inexperienced staff, and where the work includes areas that are not strictly coding, e.g. graphic design and website content.

The next talk I went to was Daniel Fisher’s talk on data-driven ASP.NET 2.0 applications. Daniel explained how much easier it is to set up applications that do not require code (and hence can be deployed more easily). He recommended that all the database connection logic be defined in the user interface and configuration files, and that no class in the System.Data namespace should appear in your business logic. I’ve never really thought of this as an objective, but it certainly would make business logic components more reusable and portable. He also found time to briefly demonstrate generics in C# 2.0. I used templates a lot in my C++ days, and I’m looking forward to being able to code lists without type casts (especially boxing and unboxing casts).
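
As a small example of the difference, here is an ArrayList, which boxes every int and needs a cast on the way out, next to the new generic List<int>:

using System;
using System.Collections;
using System.Collections.Generic;

class GenericsDemo
{
    static void Main()
    {
        // .NET 1.x style: each int is boxed on Add and must be cast back.
        ArrayList oldList = new ArrayList();
        oldList.Add(42);                    // boxed to object
        int a = (int)oldList[0];            // unboxing cast

        // C# 2.0 generics: strongly typed, no boxing, no casts.
        List<int> newList = new List<int>();
        newList.Add(42);
        int b = newList[0];

        Console.WriteLine(a + b);
    }
}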

The final presentation I went to was Diniz Cruz’s talk on security in Web and Windows applications. Diniz explained why you should treat the client part of an application as insecure: reflection can be used to get function names and invoke them directly, bypassing your client application and any client validation. He gave some very concerning demonstrations of how easy it all is. With client validation bypassed, it is easy to call functions that connect to the server and mount SQL injection or buffer overrun attacks, to gain control of a server or maliciously change data. To make this more difficult, server applications should not run with full trust, and any client validation should be duplicated at the server.
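
The core of the reflection technique can be sketched in a few lines (the class and method names here are made up, not from the talk): even a private method in a client assembly can be found and invoked directly, skipping whatever validation the UI performs first.

using System;
using System.Reflection;

class ReflectionAttackDemo
{
    // Stands in for a method the client app only calls after validating input.
    class OrderProcessor
    {
        private void SubmitOrder(string payload)
        {
            Console.WriteLine("Submitting to server: " + payload);
        }
    }

    static void Main()
    {
        // With full trust, private members can be enumerated and invoked
        // directly, so client-side validation proves nothing to the server.
        object target = new OrderProcessor();
        MethodInfo method = target.GetType().GetMethod(
            "SubmitOrder", BindingFlags.Instance | BindingFlags.NonPublic);
        method.Invoke(target, new object[] { "'; DROP TABLE Orders;--" });
    }
}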

Friday, October 21

Reflecting or Changing Behaviour

Joshua Porter argues that successful web sites model human behaviour. Amazon, for example, reflects the way we shop for books (we look at reviews, flick through the table of contents and compare similar titles).

Google is often criticised for misusing its power to influence the way we look for things. Its PageRank algorithm is a closely guarded secret, and many feel their web sites are not ranked as highly as they should be. It is widely believed, however, that if your site is linked to by lots of reputable sites it will have a higher rank.
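
The originally published form of the algorithm captures this idea: a page's rank is built from a share of the rank of every page that links to it,

PR(A) = (1 - d) + d * ( PR(T1)/C(T1) + ... + PR(Tn)/C(Tn) )

where T1..Tn are the pages linking to A, C(T) is the number of outbound links on page T, and d is a damping factor, originally around 0.85. Whatever Google uses now will have moved on from this, but the shape is the same: links from highly ranked pages count for more.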

This models the way we value content. We look to authorities to tell us what we should be reading or buying. I am sure that if Google’s PageRank algorithm did not model the way we value content, others would come along with alternative search engines that did.

If we, perhaps driven by commercial considerations, try to change people without reflecting the way they behave, our attempts will fail.

Tuesday, October 18

Regular Expressions

I've so far managed to avoid using regular expressions, preferring to use code to validate input data. Unfortunately, I had to use them yesterday, as a software package we use needs them for input validation.

I had to ensure a field contained exactly four characters if it was entered, but it could also contain nothing at all. It wasn't easy to find out what I should use to verify that a field contained nothing, but after a lot of trial and error, the following seemed to work:

([0-9a-zA-Z]{4})|^$
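
If I ever need the same rule in .NET code rather than in the package, I would anchor both alternatives explicitly, since the package may well be anchoring the pattern for me. A small sketch:

using System;
using System.Text.RegularExpressions;

class RegexDemo
{
    static void Main()
    {
        // The ^...$ anchors make the pattern match the whole input:
        // either exactly four alphanumeric characters, or nothing at all.
        Regex fourOrEmpty = new Regex("^([0-9a-zA-Z]{4})?$");

        Console.WriteLine(fourOrEmpty.IsMatch("AB12"));   // True
        Console.WriteLine(fourOrEmpty.IsMatch(""));       // True
        Console.WriteLine(fourOrEmpty.IsMatch("AB123"));  // False
    }
}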

I think I should learn more about these, and how you can verify things like email addresses.

I've ordered the book, Sams Teach Yourself Regular Expressions in 10 Minutes by Ben Forta, which was only £5.49, and has been well reviewed. Amazon say they have dispatched it, so it should arrive today or tomorrow. I'll let you know 10 minutes after I get it if it's any good.

Friday, October 14

Introduction to Blogs and Blogging

I went to a very informative presentation on Blogs and Blogging last night.

Eileen Brown and Steve Lamb explained very clearly the concepts, the techniques for getting people to read your blog, and the things you need to watch out for.

Internal or External

Craig Murphy describes the decision as to whether to carry out a project internally or externally. He suggests that core business functions should be carried out internally, and other functions should be outsourced.

I think the decision should be based more on how self-contained a project is.

If something is self-contained, and does not need much in the way of input from other people in the organisation, it can be cheaper to do it externally. The majority of time on these projects will be spent developing technology, and an external organisation might have people who are better qualified in the technologies used, and who have experience using them on other types of project.

If something depends on many others in the organisation, carry it out internally. The majority of time on these projects will be occupied by complex chains of communication, and you don't want to add the difficulties that communicating with an external organisation will cause. If you do use an external organisation, think about the chains of communication first.

Thursday, October 13

Tracking images in emails

There is some debate on WebMaster World about whether it's a good idea to track whether emails are opened by putting a small image in the email.

Concerns have been raised that if an email is tracked, people will mistrust the source, and that many people turn off images, so the numbers are not reliable. I would agree with these, but I think tracking emails is still appropriate in limited circumstances.

It is important to see whether the subject line of the email catches your readers' eye. If one subject line catches the eye of 20% of readers, and another catches the eye of 10% of readers, then, all else being equal, twice as many people will ultimately buy your product as a result of the first subject line.

My suggestion would be to send a pilot of any email, with the tracking image, to one random sample of about 50 people using one subject line, and to a different sample using another subject line. Open rates can be tracked, you should get statistics quickly, and any differences can be noted. You can then send the email to everyone else without the tracking (possibly in plain text), and you should get a better response rate.
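
For what the tracking side might look like in ASP.NET, here is a minimal sketch of a handler (the track.ashx name and id parameter are my own invention): the email's <img> tag points at the handler, and each request for the image is one recorded open.

<%@ WebHandler Language="C#" Class="TrackingPixel" %>

using System;
using System.Web;

public class TrackingPixel : IHttpHandler
{
    public void ProcessRequest(HttpContext context)
    {
        // Record the open; the id query string identifies the recipient.
        string id = context.Request.QueryString["id"];
        // ... log id and a timestamp to a database here ...

        // Return a 1x1 transparent GIF so the email renders normally.
        context.Response.ContentType = "image/gif";
        context.Response.BinaryWrite(Convert.FromBase64String(
            "R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7"));
    }

    public bool IsReusable { get { return true; } }
}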

Tuesday, October 11

Space Invaders and Pac Man

No-one appears to have been playing pac-man or space invaders on my web site lately. I had a look at the free trial of WordTracker, and it suggests that lots of people search for "play pac-man online", but very few sites exist that contain this form of words. So I'll adapt my web site, and watch everyone visit it.

Connecting to an Oracle database

I was trying to connect to an Oracle 8i database using OLE DB from Visual Studio .NET.

I could read the system tables, but I could not see the user tables to select from them. The connection string was Provider=OraOLEDB.Oracle.1;Password={password};Persist Security Info=True;User ID={user};Data Source={datasource}

I eventually fixed this by changing the connection string to specify Provider=MSDAORA;Password={password};Persist Security Info=True;User ID={user};Data Source={datasource}
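
For reference, here is a sketch of the working connection from C# (the {password}, {user} and {datasource} placeholders stand in for the real values):

using System;
using System.Data.OleDb;

class OracleDemo
{
    static void Main()
    {
        // The Microsoft provider (MSDAORA) made the user tables visible;
        // the Oracle provider (OraOLEDB.Oracle.1) only showed system tables.
        string connStr = "Provider=MSDAORA;Password={password};" +
                         "Persist Security Info=True;User ID={user};" +
                         "Data Source={datasource}";

        using (OleDbConnection conn = new OleDbConnection(connStr))
        {
            conn.Open();
            // List the user tables from Oracle's data dictionary.
            OleDbCommand cmd = new OleDbCommand(
                "SELECT table_name FROM user_tables", conn);
            using (OleDbDataReader reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                    Console.WriteLine(reader.GetString(0));
            }
        }
    }
}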