Ruminations of idle rants and ramblings of a code monkey

TechFest Sessions

Community | Events | User Groups
Sessions, that is, that I’m doing or participating in. :-) First, I’ll be participating in Zain’s session on VIrtual Worlds and Virtual World Evangelism. I’ll only be showing a bit of stuff for a few minutes … really just to showcase some of the things that can be done in Second Life. Next … the one that I signed up for originally … the OWASP Top Ten. This will review the vulnerabilities on the OWASP Top 10 (duh!), explaining each one and explaining how the .NET (and ASP.NET) platform can help you mitigate these vulnerabilities. It’s been very well received when I’ve done it on other occasions and it’s security … something that I’m pretty passionate about. Finally … this just in and HOT off the presses (as in, I just finished writing the demo!) … I’ll be doing a session on add Url Routing (from Fx 3.5 SP1) to existing applications. It’s already the magic goo behind MVC and Dynamic Data … but there’s no reason that you can’t use it for your current apps to provide clean, purty Urls in your applications. I’ll start at the very beginning with an ASP.NET app with all kinds of ugly Urls - they grew organically, so there’s no consistency in the names which, of course never happens in the Real World(tm). Then I’ll add routing in step by step by step … culminating in adding in a configurable (as in, from the web.config), reusable routing component for adding to these types of applications. Should be pretty cool. I’ll post the code for this when I’m done and I’m certainly using this in CSK. So … with that, I’m outta here and I’ll see (some of) you tomorrow at TechFest!!

New Houston User Group: Houston D2Sig (Silverlight/WPF)

Events | User Groups
Hello Houston … we have a new user group in town. After some delay due to an unwelcome visitor whose name begins with “I”, the Houston Developer 2 Designer (D2) SIG is holding its inaugural meeting this Thursday. Regular meetings will be on the first Tuesday of the month, but this first one was moved to Thursday so that it didn’t prevent anyone from voting (which you are doing, right???). Inaugural Houston-Area D2 SIG Meeting for Silverlight & WPF Designers and Developers Announced (Free) When: First Tuesday of Each Month 6:00 – 8:00 PM (First meeting is Thursday, November 6, due to Election Day) Where: Microsoft-Houston Offices (2000 West Sam Houston Parkway) This special interest group (SIG) is a community effort open to all interested participants. Each month, a different presenter from various organizations will present to interested attendees. The group is dedicated to exploring modern user experiences (UX) which are part computer programming and part artistic design. While traditionally there has been little overlap in the two disciplines, users now expect a good experience with a professional look. Covered topics will range from development in Silverlight, WPF and related technologies such as Microsoft Surface to design of rich interactive experience for graphical designers. The group strives to provide a good balance of content that appeals to both developers and designers. The inaugural meeting, to be held on Nov. 6th, 2008 introduces the SIG and the covered topics and technologies in general, before proceeding into this month’s presentation delivered by industry renowned expert, author, speaker, MVP, President of EPS Software Corp., and Publisher of CoDe Magazine, Markus Egger. Markus’ presentation will include the following topics: Introduction to Silverlight ans WPF (Windows) Creating a Silverlight Application Silverlight and WPF news from PDC! A first look at Microsoft Surface RSVP Requested Attendance of the SIG meetings is free. To allow us to plan the meetings better and to judge interest ahead of time, we ask people to RSVP here. (Signup through VPF Conversion is temporary and will be replaced in the future with

C# SIG Presentation

I have uploaded (finally) the presentation that I delivered to the C# SIG last Wednesday, July 16 to my SkyDrive. You can download it here. I did make some little modifications to it though ... and they address one of the outstanding questions of the evening ... how does ASP.NET Role-based security work with ASP.NET Dynamic Data? Well, it's pretty simple and straightforward, actually. Some background first. ASP.NET Dynamic Data uses SP1's UrlRoutingModule to map requests to the correct table ... with the name of the table appearing as a directory on the web site. So, when editing the "Products" table, the URL will be http://mydatasite/Products/[NameOfView]. Adding authentication and authorization for the entire site is a no-brainer; just add the authorization element into the web.config with the proper entries and you're done. Doing it for individual tables is just about as easy; in this case, you just need to add a location element to your web.config and configure the settings for the location. For example:<location path="products"> <system.web> <authorization> <allow roles="Products"/> <deny users="*"/> </authorization> </system.web> </location> In this case, we have defined a role called "Products" that can edit (and view, of course) the products table, but no one else can. This will behave exactly as would a "real" folder in any ASP.NET web site using role-based authorization with the built-in RoleManager (regardless of where the roles are actually coming from!). As I said, I added this to the demos that I uploaded. All access to the site is authenticated; no anonymous users are allowed. There are 2 roles - Products, which can edit the Products table and HR, which can edit the Employees table - and 3 users. All users have the same password (Pass@word1). Here's the breakdown: User ID Role User1 HR User2 Products User3 <No Role>   You can, of course, get a bit more complicated than this, but you'd have to do some additional customization of the different pages to do that.


Community | User Groups
In my previous post, I said that I'd be talking about ADO.NET Data Service. I'm not sure what happened to my brain, but that's not what I told Harry. I will actually be talking about ADO.NET Dynamic Data. Hope to see you there tomorrow!!

Presenting at the C# SIG

Community | User Groups
Boy, I'm on a blogging roll today, eh? I've got one more in the works that'll go out by the end of the day too.  The ol' keyboard is taking quite the pounding. :-) I announced this last night at HDNUG, but Bill reminded me that some folks may not remember it all (there was a lot going on last night) and besides, I meant to blog it anyway. Bobby Schaffer's Beginning C# SIG and Harry Nystrom's C# SIG will be meeting at the Microsoft offices on Tuesday, July 15. Bobby's SIG will be kicking off at 6:00 PM, where he will be talking about Inheritance in C#. Harry's SIG kicks off, I think, at 7 (maybe 7:30) and I will be there talking about ADO.NET Data Services, a killer-cool piece of .NET Framework and Visual Studio SP1, currently in beta. For each SIG, I'll also be giving away a copy of Visual Studio 2008 Professional ... so, yes, that's 2 copies of Visual Studio 2008 Pro!!! Food? Hmmm ... yeah ... typically it's BYOF (that's bring your own food). But ... ya know ... yeah, what the hell ... I'll spring for pizza & drinks.

Content from OWASP User Group

Security | User Groups
I had a blast speaking at the Houston OWASP User Group last night. I did a review of the OWASP Top Ten and we had a lot of good discussion and conversation around secure application development and some of the implications. Though a relatively small group, it was pretty lively and really good to hang with some folks that care deeply and passionately about secure application development. This presentation was one that I had put together a while ago but, while reviewing it for this presentation, I really wasn’t very happy with it. So, of course, I made a number of changes to it and added a bit of stuff. It certainly seems to have gone over very well, so I’m pretty pleased with it now. Still, for those of you that were there, feel free to let me know what could be improved … I think I’ll take this presentation and turn it into a webcast. And, without further ado, here’s the content. Keep in mind that the demos are pretty simple … they really have only enough to show some mitigation strategies for particular vulnerabilities so they aren’t part of an overall application.

Austin Code Camp Stuff ...

.NET Stuff | Linq | Performance | User Groups
I promised that I'd make the materials from my talk at the Austin Code Camp available for download. I've finally gotten it compressed and uploaded. It's 111 MB so be forewarned. Since I used WinRar (and that's not as ubiquitous as zip formats), I've made is a self-extracting archive. You'll need Visual Studio 2008 Team Edition for Software Developers (at least) to read all of the performance results. But I do have an Excel spreadsheet with the pertinent data.

A Gaming User Group?

Events | User Groups
Well ... something like that but not exactly. There's a new user group starting up here in Houston that's going to focus on gaming ... not playing games, but creating them. They are going to focus on the tools, techniques and tips that the average developer needs to create games for XBox or Windows using the XNA toolkit.  It's called the Houston Gaming and Media User Group (HGMUG); you can check out their web site at or out on CodeZone at   There's also a Facebook Group that you can join (if you are on Facebook, that is) at They'll be meeting for the first time this coming Thursday (5/22/2008) at the Houston Microsoft office where they'll get started with some history, current theory and some best practices for game development in addition to an overview of the XNA toolkit. And, yes, there will be a death match to cap off the evening (it wouldn't be a gaming user group without it, now would it??). Hope to see ya there!

Austin Code Camp ...

Events | User Groups
Well, I'm heading up to the Austin Code Camp on Saturday. Looking forward to it ... I'll be giving a talk on Linq performance at 1:00 PM. I've been doing some more tests (after the previous blog entry) and I've noticed some pretty interesting things about Linq performance versus traditional ADO.NET. I won't go into detail here ... that'd be spoiling the surprise ... but some of the results were certainly not what I was expecting. And ... since it looks like it's going to be a beautiful day, I'll be riding my lovely Ninja up there! :-) I won't go into the details of what I found just yet ... I'm going to leave that for the code camp ... but I will post the results here over the next week or two. There will be separate articles about each of the different tests and some of the interesting things that I found as I dug around with Sql Profiler to see exactly Linq for Sql was doing in the background.