I went to another good developer day yesterday. All the sessions were really useful, and I learned a lot that I could use immediately as well as things to take away and research later.
The day started with Kalen Delaney talking about the Index enhancements in SQL Server 2005. Kalen explained the new functions and views to display how indexes are being used in SQL server 2005, and how much easier it is to get a big picture of which should be there and which should not. Many large databases have far too many indexes, and it is time consuming to ascertain which are being used in execution plans. She then explained how indexes can be created whilst the database is online, without the need to lock tables in 2005. Covering indexes were covered next, and the concept of “Included Columns” was discussed, which get around a 900 byte limit, and will mean that many more queries need never touch the underlying data. Finally, Kalen mentioned that indexes could now be used to generate execution plans where characters being searched on were not the first characters in the index.
The next talk I went to was by Annie Matthewman on Domain Specific Languages. I have always believed in the importance of code reuse, and Annie explained the reuse maturity curve, where reusable components tend to become “owned” by a different part of an organisation and difficult to change. If reusable components are implemented as a DSL, they can still allow enough flexibility for users to tailor them to their own purposes.
Unfortunately, the technology looked complex to use in its current beta form, although my opinion will probably change wheb I download the betas and try and create a language and write an application in it. It will be interesting to see who uses these.
Perhaps consultancies familiar with particular areas of business could develop languages for their customers, although this will depend on enough customers being willing to migrate to Visual Studio 2005.
Before Lunch, I went to Brian Long’s talk on Reverse Engineering to get to know .net better. I haven’t really looked closely at the code the compiler generates for a number of years now. With modern PCs, it’s been some time since I’ve had to manually optimise any assembly language (now of course IL). However, with IL, if you decompile the IL you get something that is a lot closer to the original source than with earlier languages. You can therefore decompile the .NET CLI to understand it. However, a better method is often to download the Shared Source CLI (Rotor). This is very similar internally in most cases, and even if you are using the .NET CLI, it is likely to explain how functions work internally.
After lunch, I went to Mike Roberts talk on .NET development trees. The session started off by discussing in small groups the kinds of difficulties we had had that prevented new members of a development team writing code productively straight away. Mike recommended putting all libraries into source control, and discussed various techniques to allow version control of a database schema. Most of the ideas seemed sensible, and I’ve already been trying to adopt most of these practices in my own work for some time. The difficulties are in getting everyone to follow them, especially in projects where there are many temporary and inexperienced staff, and where the work includes areas that are not strictly coding, e.g. graphic designs and website content.
The next talk I went to was Daniel Fisher’s talk on data driven ASP.NET 2.0 applications. Daniel explained how much easier it is to set up applications that do not require code (and hence can be deployed more easily). He recommended that all the database connection logic can be defined in the user interface and configuration files, and that no class in the System.Data namespace should appear in your business logic. I’ve never really thought of this as an objective, but it certainly would make business logic components more reusable and portable. He also found time to briefly demonstrate generics in C# 2.0. I had used templates a lot in my C++ days, and I’m looking forward to being able to code lists without type casts (especially boxing and unboxing casts).
The final presentation I went to was Diniz Cruz’s talk on security in Web and Windows applications. Diniz explained how you should treat the client part of an application as insecure, as reflection could be used to get function names and invoke them directly, bypassing your client application, and any client validation, and gave some very concerning demonstrations as to how easy it all was. With client validation bypassed, it is easy to call functions that connect to the server and cause SQL injection or buffer overrun attacks, to gain control of a server or maliciously change data. To make this more difficult, server applications should not run with full trust, and any client validation should be duplicated at the server.
1 comment:
I was thinking of adding links to all the other blog entries about this, but I've found that Craig Murphy has beaten me to it with this comprehensive list of links.
Post a Comment