Tim Marman's Loosely Coupled

Browse by Tags

• AJAX
• C#
• DRM
• Enterprise
• Innovation
• Microsoft
• Misbehaving Software
• Personal
• Programming
• Security
• Video

• Congrats to Faisal on his new role on the ADO.NET team

  My good buddy Faisal has moved from MSBuild to ADO.NET . Specifically, he's the Program Manager for LINQ to SQL and the Object Service for Entity Framework. He says you'll hear a lot more from him on these things, but of course if past history is any indication his blogging will be short lived :) Either way, I'm still waiting for him to convince me why I should LINQ instead of SubSonic . The only issue we're really having now with SubSonic is with the JOIN story, and they're supposedly prototyping stuff to address this in the next build. Posted Dec 05 2007, 03:45 PM by Tim with | with no comments Filed under: Technology, Software Development, Personal, Microsoft, .NET, Programming

• Microsoft Silverlight

  A lot of people are very excited about Silverlight , the technology that was formerly known as WPF/E. Jesse says it will give Flash a real run for its money because of a better video story (emphasis in original). Unlike Flash, Silverlight (the new name) will support DRM, it supports the industry standard VC-1 codec used in HD-DVD and Blueray, and it can take advantage of the built-in media streaming capabilities of IIS. As for DRM support, I don't think that's of any real consequence. Jesse claims "companies that want to stream TV and movies over the web, will not consider any method that doesn't allow for DRM protection", but we're already seeing a trend away from DRM. That said, there are certainly things to get excited about, particularly the prospect of cross-platform CLR support and the ability to develop Flash-like applications with the power of the Visual Studio environment (and not having to learn a new scripting language at that). One thing worth noting is the fact that Flash is... Posted May 25 2007, 02:30 PM by Tim with | with 2 comment(s) Filed under: Technology, Software Development, Innovation, Microsoft, C#, .NET, Video, Programming, DRM

• An Introduction to OpenID

  OpenID, which describes itself as "an open, decentralized, free framework for user-centric digital identity", has been gaining momentum and getting press in the Identity 2.0 space. The fundamental idea of OpenID is that a URI is necessarily unique and thus a good way to identify users. If you say you own a URI and can properly authenticate with the URI, then you must be who you say you are. Admittedly, this can be tricky to understand at first. Perhaps the best analogy is an open version of Passport, where you can download and run your own Passport server. When you go to Microsoft.com or MSDN, you don't log in to a "local" account - you are instead redirected to a Passport (now Windows Live ID) screen to enter your username and password. From a user perspective, OpenID is not that different as Simon Willison showed in this his screencast (embedded below). Scott Hanselman also discussed OpenID on a recent Hanselminutes and has a number of good resources (including the screencast) linked... Posted Feb 15 2007, 09:06 AM by Tim with | with 4 comment(s) Filed under: Technology, Software Development, Security, .NET, Video

• SQL Server installation problems on Vista? (Failed to compile the Managed Object Format)

  I've been having issues installing SQL Server 2005 tools (i.e., Management Studio) on Vista. I know it works because I was able to get it installed on my tablet also running Vista - I just couldn't get it on my desktop. I thought it might be related to SQLEXPRESS installed as part of the VS.NET 2005 install, but that didn't seem to fix anything. As it turns out, this is related to a corrupt WMI repository - and the fix is quite easy. C:\Windows\system32>winmgmt /verifyrepository WMI repository is INCONSISTENT C:\Windows\system32>winmgmt /salvagerepository WMI repository salvage failed Error code: 0x8007041B Facility: Win32 Description: A stop control has been sent to a service that other running services are dependent on. C:\Windows\system32>winmgmt /salvagerepository WMI repository has been salvaged As you can see, I had to run it more than once - but it eventually fixed the problem. I clicked Retry and the install went through fine. Hope this saves time for anyone else running... Posted Jan 22 2007, 05:48 PM by Tim with | with 28 comment(s) Filed under: Technology, Software Development, Microsoft, .NET, Enterprise, Programming

• SubSonic

  We've been using SubSonic lately, which I first bookmarked from Scott's post . Essentially, the project is an implementation of the ActiveRecords pattern from Ruby on Rails in .NET. Or as the authors describe it, , "a toolset that helps a website build itself". I'm using it on a project I'm working on now and so far it's been very useful - though we haven't had to scale yet. We had to slightly adjust our data model to be more SubSonic-friendly, but it's pretty flexibile and even supports stored procedures if you're into that sort of thing (we are). It also "singularizes" the database tables - i.e., a Companies table becomes a Company object, and a Books table becomes a Book object. (Though it does strip the last 's' from Business.... I'm reminded of that old 1-800-MATT-RES commercial). Regardless of future experiences, I can wholeheartedly recommend it to build a DAL for prototyping. Posted Jan 22 2007, 06:25 AM by Tim with | with no comments Filed under: Technology, Software Development, Microsoft, C#, .NET, Programming

• If you can read a file, you can copy it

  Raymond reminds us that there is no "Copy" access mask because copying is not a fundamental file operation . Copying a file is just reading it into memory and then writing it out. Once the bytes come off the disk, the file system has no control any more over what the user does with them. Something to keep in mind when designing your web applications. Once you send something to the client, you inherently give up control over what can be done with that information. Posted Jan 09 2007, 09:42 AM by Tim with | with no comments Filed under: Technology, Software Development, Security, AJAX, .NET

• JSON and XML

  Back at the PDC, I mentioned that Microsoft chose JSON over XML in Atlas, its AJAX framework. The debate has reared its head again recently, prompted largely by Tim Bray's post . Tim says that JSON is great for its single intended purpose, "to put structs on the wire." Dare, who used to work on the XML team at Microsoft, say JSON is better than XmlHttpRequest because it helps work around browser security model limitations and is easier to program with . The cross-browser issues are a particularly big issue that people have tried to tackle in different ways - I mentioned before that Julien is using a Flash proxy to work around these issues , and I've seen other architectures which use a server-side proxy on the original server to handle the third-party request. The key here is that AJAX is not about the technology , but the experience. JSON may or may not be the "best" way to approach this, but the exercise at least highlights some of the limitations (and, to be fair, strengths) inherent... Posted Jan 05 2007, 09:44 AM by Tim with | with no comments Filed under: Technology, Software Development, Security, AJAX, C#, .NET

• The Prevalence and Danger of SQL Injection

  Michael Sutton looks at the prevalence of SQL injection vulnerabilities ( via Bruce Schneier ). He tested 708 different servers and found verbose SQL errors on 80 of them (11.3%) - numbers that are not, as Michael says, surprising but are certainly sobering. Michael acknowledges that his method is imperfect, and in fact I think the percentage is actually a lot higher. His test only captures sites that are vulnerable and actually return verbose error messages. I guarantee there are countless others on his list that were actually vulnerable and fail "silently" (i.e., reporting user name not found, but not the words he is testing for). If you're not familiar with SQL injection, and what can happen as a result, I suggest reading Steve Friedl's wonderful introduction in SQL Injection Attacks by Example . (Image above borrowed from his article). Oh, Scott Guthrie also had a great post on how to avoid these problems . As you can see, it's not difficult - you just have to be aware and not construct... Posted Oct 12 2006, 03:53 PM by Tim with | with no comments Filed under: Technology, Software Development, Security, Misbehaving Software, C#, .NET

• ADO.NET vNext CTP (Aug 2006) available

  Microsoft has released the first CTP for ADO.NET vNext which implements their vision for an Entity Framework to simplify data access. The ADO.NET Entity Framework supports Object Relational Mapping scenarios using ADO.NET Entities, in this build you can: Query of persistent Entities using LINQ to Entities or Entity SQL Save new and dirtied entity instances through the object abstractions which also handle: State management Identity resolution Change tracking Work with persistent object graphs and leverage a programming and query model where relationships are a first class concept Use optimistic concurrency and server generated values with persistent entities Program against persistent entities as values using the new Map Provider Get first hand experience with Entities and the Entity Data Model Work with mappings based on view maintenance concepts to support Entity Splitting (entities split across multiple tables) Table Per Hierarchy, Table Per Class and Table Per Type mappings Property... Posted Sep 05 2006, 10:36 AM by Tim with | with no comments Filed under: Technology, Software Development, C#, .NET

• Managing Exceptions in Framework Code

  One of the long-running debates here has been the use of exceptions for managing workflow. This was especially fierce while we were working on the Javascript framework, but it has died down a little in the strongly-typed .NET world. The two major questions are: ... when should should you return false / null and when should you throw an exception? I've always been of the opinion that a method should only throw exceptions for events that are truly fatal. For example, a search method returning no results is not an exception. However, a method that internally uses that search method may throw an exception under certain scenarios if it was intending on operating those results. Others are of the opinion that everything should be thrown as an exception. The argument is that even something like no results should trigger exception-handling code, and the easiest way to do this is have the callee fall into a catch block. ( I would counter that, even in the catch block, you need to special case different... Posted Jan 04 2006, 08:00 AM by Tim with | with 2 comment(s) Filed under: Technology, Software Development, AJAX, .NET, Programming