Closed

I have been having a lot of problems with blogger, so I decided to move my blog. My new home can be found here.

Agile Transition

One of the reasons my current job is so pleasant to work for is that everyone on the team has made the Agile transition seamlessly. Making the Agile transition requires change of mind set, and sometimes that is not the easiest thing to do. Michael Puleio described the changes he has made in his post since he joind Microsoft patterns & practices. A lot of the changes he made I am sure a lot of us on the team have also experienced, so I will not try to duplicate here. Just read his posts :)

Random Thoughts

Nowadays people think Agile development is a substitute for success. As Alistair Cockburn found out during his researching years at IBM, a team can succeed when there is no process at all. A process will not change the team or make them super developers. The purpose of Agile development is to minimize the risks for the business people and developers. In the Agile world we put down our psychic prediction hat and react to changes. After all, no two pieces of software are alike. With that said, there is no guarantee a project will not fail. People usually associate failed projects with projects that are cancelled. A project can still be considered some what of a success if it gets cancelled before all the money gets drained away. A win for the business.

Managers tend to jump on the process ban wagon before looking at the team. Ultimately a well defined process will not write the software, your developers will. Team chemistry is very important, in my opinion, because you could have all-star players, but if no one can work together, it is very hard to ship a product. I think it is very important to have a variable skill level team. In that type of environment, people will tend to explorer other possibilities. Modern software is too complicated to make text book assumptions. On top of that, as the saying goes, a team does not need too many chefs in the kitchen.

Many companies are obsessed with assembling the ultimate dream team based on skill set, but having great skills does not equal a great team player. A very important ingredient in the recipe to create a dream team is to find people who love doing what they do, but this tends to be over looked. When everyone on the team is working as one, the variable skill levels tends to disappear.

Indigo Security with AzMan

In the previous post, I mentioned how client side security can be accomplished by using .NET attributes with AzMan. Here are a couple of good posts on server side security using Indigo with AzMan:

• WCF Extensibility: Behaviors and Inspectors
• How To: STS/Windows Authentication with ADAM/AD, Roles in AzMan with WCF

Declarative Security with AzMan and CAB

In a previous post, I mentioned Controls can be dynamically disabled based on users' permission by using .NET attribute with AzMan and CAB. This week is our security iteration, so we are able to test the concept described in this MSDN article. The article suggested modifying the RootWorkItemInitializationStrategy.cs, so when each objects are built up, it will be disabled based on the attribute declared on the Controls and users' permission. I personally do not like the idea of modifying 3rd party code when it can be avoided. There is another way to accomplish the same thing by creating a custom BuilderStrategy then overiding AddBuilderStrategies method in the shell, so you can add the strategy during run time. It will look something like this:

public class YourShell : FormShellApplication {
 protected override void AddBuilderStrategies(Builder builder) {
 base.AddBuilderStrategies(builder);
 builder.Strategies.AddNew(BuilderStage.Initialization);
 }
}

Here are some pitch falls we ran across when we tried to implement security with attributes.

• Dynamically created controls cannot be applied.
• Literal strings are used in the declaration of attributes, so if anything changes with the security or Control, it will result in runtime rather than compile time.
• The declaration of Controls cannot be in the designer file because the designer file will get overwritten.
• Performance penalty during startup of the application.
• Explicit logic already exists to enable or disable the UI based on the state of the system will override the attribute.
  

In that article, XML file is used on the client side to map the AzMan operations. The configuration file can be completely removed if the list of valid operations is retrieved from a service layer based on the user's identity. This is recommended so all the operations can be retrieved from a central location. The article mentioned the source code is "demo" quality, and he really means it. Overall, it was pretty painless to implement the concept described in the article.

Client side security is for eye candy, but the real security comes when you secure your service layer. Service layer can be secured using declarative approach too, but that is for another time.

Invisible Leadership

I have been trying to write this article for weeks now, and I cannot seem to fix the article to the point where I would like. I am going to post it anyways, just as a caution some thoughts might not be well formulated.

For the past week we have been talking a lot about leadership at work. We bounced around ideas on what leadership means to us. We decided that in order for leadership to exist, there must be a leader. So the next natural question for us is what is a leader?

Fundamentally there are two types of leaders: institutionally defined or defined by your peers. Often this can be the same person, but it does not have to be. In this post I will talk more about non-institutionally defined leaders because it seems more interesting and unconventional. From this point on, I will just refer to a non-institutionally defined leader just as leader.

This type of leader can exist in any profession where people have to work together, not exclusively in software development. What are some characteristics of this type of leader? Since he or she is pretty much invisible from the corporate point of view, below I list some common attributes of a leader:

• Enjoys and cares about the type of work being produced.
• Strong problem solver.
• Approachable personality.
• Shares ideas with others.
• Assumes good faith of others.
• Shares a common goal with other members on the team.
• Exhibits patience with others.
• Works well with others.
• Strong Communication skills.

In order for one to be a leader, he or she must have followers right? How can an "invisible" person lead? I believe this person is only invisible to outsiders, but in reality, other members of the team know who this person is. This person leads by examples, and will set the bar high (I know this is a cliche, but it is true).

So far I have been talking about this magical person called the leader in a singular form. I believe there could be multiple leaders on a team, and a leader usuahlly emerges when he is able to provide insights to the problem.

So far I have described what a leader is, but why would anyone want to follow a leader instead of leading themselves? I think the most important attribute of a leader is the ability to solve a problem and convey the idea to the team. It is unlikely that everyone on the team can solve all the problems, assuming the problem is non-trivial. The person that is able to solve the problem with the best solution would be the leader in this case. Others would want to follow because we are all working towards a common goal, and would like to learn how the problem is being solved.

Having a leader is important to any team situation. Sometimes leaders inspire their team members to work harder so that they may too lead in some areas. Ultimately, this is beneficial to the entire team.

CoolCommands

Yesterday I found a really cool Visual Studio 2005 Addin. It adds many useful commands to the context menu. I will just list some of the features I like, but I will let you be the judge.

• Open Explorer browser by right clicking on a file.
• Automatically resolves missing references.
  
• Locate item in Solution Explorer on demand when active tracking is turned off.
• Copy and paste references from one project to another.
• Add multiple projects at once.
• Collapse all projects.
• Visual Studio Command prompt here.

Since we use Subversion it is very useful to be able to open the selected file in Explorer from Visual Studio. However, on my machine it was a little bit slow (my machine is known to be slow at times). I have the Solution Explorer active tracking turned off because it gets annoying when you are jumping from one file to another. With the addin, I can tell Visual Studio when to do the active tracking. Try it, let me know what you think.

The latest version can be found here.

Refactoring from Active Record to Repository

In the begining of our project, we started with a Repository like pattern for retrieving our entity objects. Our repositories were muddled, and at times, contained a lot of our business logic. We followed the basic pattern to create a repository for each entity object. It produced a lot of duplication because many repositories shared many very similar operations. The result was a confusing system, and made retrieving entity objects harder than it has to be. We decided to refactor to Active Record because we thought that will solve all our problems.

Active Record pattern made testing harder because static methods can not be polymorphic. Recently, we are leaning more towards repository pattern again, but we want to design it right this time. Repository will definitely alleviate testing. On top that, it will also allow us to cache data in a simple and centralized manner.

One thing that is not clear to us is which entity object receives a repository. Ideally, we do not want to create a repository for every entity in our system. In Domain-Driven Design by Eric Evan, he talks about using Aggregate to eliminate the need for creating a repository for each entity object. Aggregate is a group of associated objects that will be treated as a single unit. The root aggregate is an object that will encapsulate all associated objects. The client will have to retrieve the root in order to communicate with any objects inside of the root. Only entity objects will receive a repository is the root.

I think we are on the right path, but more disscusion is required to fully understand the implication of moving toward a full blown repository pattern.

Popup Advertisement

Recently someone mentioned that there was a popup advertisement on my blog. I was unaware of it at the time, and it should be removed by now. I believe the popup was caused by some JavaScript I added for traffic statistics. If the popup is still occurring, please let me know.

Dynamically Disable Controls on the Fly

In an earlier post, I mentioned we are starting to look at how to implement role based security in our Smart Client application. Since we are using CAB, it allows us to dynamically load modules on the fly without much effort. We need more control of the UI than just preventing users to see certain parts of the software. Ideally we would want to be able to restrict the UI at a more granular level, the control level. Traditionally, people accomplished this by adding if/else statements to the UI. This method can get messy very fast, and it is very hard to maintain. Before I go on, I would like to thank Chris Holmes (the guy who wrote the first version of the Outlook Explorer bar before Matias Woloski) on sending me so many userful links and ideas regarding this issue.

Irena Kennedy has a great article on how role based security can be accomplished at the control level using attributes. The article can be found here. The article assumes that you are using CAB and AzMan, but the concept is not exclusive to these technologies (It is worth to note that AzMan requires COM interop, so the performance hit has to be considered). It works by decorating the control you want to behavor differently based on user's role. For example, if you want only the manager to have the ability to delete users, you would declare the following attribute on the button:

[Authorization("DeleteUser", "Enabled", False)]

DeleteUser is the operation that is defined in AzMan, and in this case the operation will be associted with the manager role. If the user is not in the role, the button will appear disabled. The code that is acutally doing all the work lives inside of CAB in the RootWorkItemInitializationStrategy.cs. The good thing about this is the logic is isolated in one place, but the down side is we will have to remember to modify CAB code whenever a new version is released.

Databinding is EVIL

Ok, I am officially done with databinding. Today I was working with Steve on a piece of fairly trivial code, all we wanted to do was dirty checking on a few controls and provide the ability to roll back on a simple form. We poked around in the designer, and clicked here and there, then changed a couple lines of code. Overall it was very annoying, and very repetitive work because the databinding was acting flaky. Eventually we got the dirty checking on a modal form to work correctly. Before we checked in, we smoked the application real fast just to make sure everything was still working. We clicked around for a few seconds, we noticed the dirty checking was not working correctly sometimes, but we could not pin point the exact cause. By chance, we figured out the problem. If we move the modal form around on the screen after changing a value in a combo box, databinding goes nuts which breaks the dirty checking. For the most part of the day, I thought I was high because one second databinding was working, next it was blowing up.

We have been feeling the pain on databinding for a while now. I even wrote databinding on our house of pain white board, when I thought I understood databinding. We decided to stick with it because datatbinding makes things "look" so easy. It is like magic. The problem with databinding is it makes something that is very comoplex under the covers to appear stupid simple. Almost every example found in any book or on the Internet uses databinding. It seems databinding is the way to go. Databinding works fine if you have very simple UI that does nothing but display data in a primitive way. Soon as you introduce complex and rich UI, databinding makes things much harder. If databinding is so easy to use, why is Brian Noyes' book "Data Binding with Windows Forms 2.0" 696 pages? There is a lot more to databinding than what meets the eye, which can lead to some serious disconnect between team members. This can often lead to dangerous situations when the wrong assumptions are made. Before you know it, you are adding hacks, so databinding would work correctly as you would expect.

The predictibility of databinding is very low because not all controls behave the same way when databinding is used. Duplication is one of the worst things you can do in any program. The concept of what value the control is displaying is duplicated. For example, if you want to retrieve data in a combo box, do you get it from the binding source or from the control it's self? The worst part of all is the value displayed in the control can be out of sync with the underlying binding source.

I hope this does not sound like I am ranting, because I am not. Maybe I am old fashioned, but manually populating the controls will be much easier and more understandable. On top of that, the code will be more testable. Less magic is a good thing.

Role Based Command Authentication With CAB

At work, we've been having some conversations about the security architecture for our Smart Client. Specifically, we talked about using Authorization Manager (AzMan) to define roles within our application. I personally have no experience with AzMan, so I decided to google it. I found a couple of useful articles on Mariano Szklanny blog on CAB role based authentication. One of them is using AzMan.

CAB - Adding Command-level security to applications
CAB - CommandAuthorization AzMan Sample Application

.NET BigInteger and BigDecimal

I always wondered why there are no classes that represent big integers and decimals in the .NET API like the classes found in Java. Apparantly, as Greg pointed out in his post, the BigInteger and BigDecimal exists in the J# redistributables. It lives inside vjslib.dll. I guess my question is why does it lives in J# redistributables, and is it safe to use in any .NET application? BigInteger or BigDecimal can be very useful to any financial or mathematical application. You would think they would not hide it in the J# redistributables. Who uses J# anyways? ;)

Aardvark'd

We all know Joel has a great blog, published a couple of great books, but on top of that, he owns a great company. What else can a geek do after these accomplishments? How about an indenpendent film? Aardvark'd is a documentary on last summer's interns at his company, Fog Creek. I checked out the trailer, it looked interesting, but it is a little short in my opinion. What will Joel do next?

Rethrowing Exceptions

It is very common to see code that catches an exception then rethrows it without doing anything. Pieter Gheysens has a post on why you should not just rethrow the exception.