"It is the mark of an educated mind to be able to entertain a thought without accepting it."  -Aristotle

About Me

I am a co-founder of Notches, an early stage startup currently based in NYC. We are building a free, open reviews network that anyone can participate in and anyone can build on top of. You can find out more on our official blog.


All Tags » C# » Technology » .NET (RSS)
  • Microsoft Silverlight

    A lot of people are very excited about Silverlight, the technology that was formerly known as WPF/E. Jesse says it will give Flash a real run for its money because of a better video story (emphasis in original). Unlike Flash, Silverlight (the new name) will support DRM, it supports the industry standard VC-1 codec used in HD-DVD and Blu-ray, and it can take advantage of the built-in media streaming capabilities of IIS. As for DRM support, I don't think that's of any real consequence. Jesse claims "companies that want to stream TV and movies over the web, will not consider any method that doesn't allow for DRM protection", but we're already seeing a trend away from DRM. That said, there are certainly things to get excited about, particularly the prospect of cross-platform CLR support and the ability to develop Flash-like applications with the power of the Visual Studio environment (and not having to learn a new scripting language at that). One thing worth noting is the fact that Flash is...
  • SubSonic

    We've been using SubSonic lately, which I first bookmarked from Scott's post. Essentially, the project is an implementation of the ActiveRecords pattern from Ruby on Rails in .NET. Or as the authors describe it, "a toolset that helps a website build itself". I'm using it on a project I'm working on now and so far it's been very useful - though we haven't had to scale yet. We had to slightly adjust our data model to be more SubSonic-friendly, but it's pretty flexible and even supports stored procedures if you're into that sort of thing (we are). It also "singularizes" the database tables - i.e., a Companies table becomes a Company object, and a Books table becomes a Book object. (Though it does strip the last 's' from Business.... I'm reminded of that old 1-800-MATT-RES commercial). Regardless of future experiences, I can wholeheartedly recommend it to build a DAL for prototyping.
  • JSON and XML

    Back at the PDC, I mentioned that Microsoft chose JSON over XML in Atlas, its AJAX framework. The debate has reared its head again recently, prompted largely by Tim Bray's post. Tim says that JSON is great for its single intended purpose, "to put structs on the wire." Dare, who used to work on the XML team at Microsoft, says JSON is better than XmlHttpRequest because it helps work around browser security model limitations and is easier to program with. The cross-browser issues are a particularly big problem that people have tried to tackle in different ways - I mentioned before that Julien is using a Flash proxy to work around these issues, and I've seen other architectures which use a server-side proxy on the original server to handle the third-party request. The key here is that AJAX is not about the technology, but the experience. JSON may or may not be the "best" way to approach this, but the exercise at least highlights some of the limitations (and, to be fair, strengths) inherent...
  • The Prevalence and Danger of SQL Injection

    Michael Sutton looks at the prevalence of SQL injection vulnerabilities (via Bruce Schneier). He tested 708 different servers and found verbose SQL errors on 80 of them (11.3%) - numbers that are not, as Michael says, surprising but are certainly sobering. Michael acknowledges that his method is imperfect, and in fact I think the percentage is actually a lot higher. His test only captures sites that are vulnerable and actually return verbose error messages. I guarantee there are countless others on his list that were actually vulnerable and fail "silently" (i.e., reporting user name not found, but not the words he is testing for). If you're not familiar with SQL injection, and what can happen as a result, I suggest reading Steve Friedl's wonderful introduction in SQL Injection Attacks by Example. (Image above borrowed from his article.) Oh, Scott Guthrie also had a great post on how to avoid these problems. As you can see, it's not difficult - you just have to be aware and not construct...
  • ADO.NET vNext CTP (Aug 2006) available

    Microsoft has released the first CTP for ADO.NET vNext which implements their vision for an Entity Framework to simplify data access. The ADO.NET Entity Framework supports Object Relational Mapping scenarios using ADO.NET Entities. In this build you can: Query of persistent Entities using LINQ to Entities or Entity SQL; Save new and dirtied entity instances through the object abstractions which also handle: State management, Identity resolution, Change tracking; Work with persistent object graphs and leverage a programming and query model where relationships are a first class concept; Use optimistic concurrency and server generated values with persistent entities; Program against persistent entities as values using the new Map Provider; Get first hand experience with Entities and the Entity Data Model; Work with mappings based on view maintenance concepts to support: Entity Splitting (entities split across multiple tables); Table Per Hierarchy, Table Per Class and Table Per Type mappings; Property...