Three Is It

Because two isn't enough and four is just too many

Extremism in the defense of liberty is no vice. Tolerance in the face of tyranny is no virtue.
Barry Goldwater
About the author

Brad Butts is a .NET developer and architect. He is married with children and enjoys reading, working out, and genealogy in his five minutes of spare time.
Disclaimer

The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.

© Copyright 2010

TechEd08 Notes: Day 4

Session: Best Practices with the Microsoft Visual C# 3.0 Language Features
Originally, I had planned to attend the session Providing Load Balancing, Application-Level Failover, and Centralized Configuration Management with Windows Communication Foundation Services and Microsoft .NET Applications (say that five times fast).  However, Jay had really recommended Mads Torgersen as a knowledgeable presenter.  So, I decided to check the session out.

Like others before, Mads was a stay-in-the-IDE kind of presenter: he started with a blank class file and began coding away his examples, at least for most of his presentation.

Mads summarized C# 3.0 as:
  1. A move from imperative to declarative programming
  2. A paradigm shift from "how" thinking to "what" thinking
  3. and...LINQ

One of the first features Mads talked about is Auto-Implement properties.  This is just a time saving convention.  Traditionally, when we have coded properties, we've always had to code a private member to store the value of the property: a "backing field" as he called it.  With C# 3.0, all you need to do is:

public string X {get; set;}

One gotcha Mads mentioned was that you must have both a getter and setter.

Another feature he mentioned was implicitly typed locals.  Where once we coded this:

List<x> y = new List<x>();

Now, we can do this:

var y = new List<x>();

Next was object and collection initializers.  This feature lets you reduce lines of code by setting properties of an object inline with the object initialization.  Thus, where once we had to do this:

Customer x = new Customer();
x.ID = "SomeId";

Now, we can do this:

Customer x = new Customer{ ID="SomeId" };

C# 3.0 also brings us Extension Methods.  Extension methods are a way of tacking on your own methods to a pre-existing object.  Here's an example of an extension method I wrote:

    using System;

    public static class SomeExtensions
    {
        // "this string" makes ReverseMe callable on any string instance.
        public static string ReverseMe(this string reverse)
        {
            char[] rev = reverse.ToCharArray();
            Array.Reverse(rev);
            return new string(rev);
        }
    }

To use this method, then, all you have to do is call the ReverseMe method: MyString.ReverseMe().  The reverse of MyString will be returned.

Lambda expressions are the next evolution of the delegate story.  Where once we did something like this:

delegate (Customer c) { return c.City == "London"; }

Now, we can shorten that syntax to this:

( c => c.City == "London" )

LINQ is obviously one of the most popular features of C# 3.0, so Mads spent some time talking about how LINQ helps integrate our queries in with the rest of our code.  The last item I have jotted down in my notes is Expression Trees.  Expression trees are something like lambda expressions that make use of the new Expression<T> type.

Session: N-Tier Development with Microsoft Visual Studio 2008 and Windows Communication Foundation
Here was another session I attended presented by Rocky Lhotka.  This time, unlike the "N-Tier" session I attended on the first day, Rocky really did work toward the goal of physically separating out the layers of an application.

He started with the good ol' DataSet.  Did you know you can actually separate the DataSet and its adapter into separate assemblies?  Rocky showed us how.  Who knew we could actually achieve some level of separation of concerns with the dataset?

Next up was Windows Communication Foundation (WCF).  Rocky proceeded to walk through an example of passing strongly typed datasets via WCF.  These types must be installed on both the client and server.

Rocky then dove into a discussion of the DataContract.  He contrasted the DataContract attribute with the Serializable attribute: the DataContract attribute adopts an "opt-in" approach while the Serializable attribute adopts an "opt-out" approach.  The "opt-in" approach requires that you explicitly decorate all the members of your class that you want to serialize over the wire.  You do this with the DataMember attribute.  The danger here is that if you have a large domain object, you may miss a member.  On the other hand, the "opt-out" approach of the Serializable attribute assumes that all members of your domain object should be serialized unless you explicitly state not to serialize a particular member.  This approach could be deemed safer--at least from the absent-minded developer.

The last topic Rocky covered was the serialization engines of WCF.  The Data Contract Serializer (DCS), "does not preserve the graph shape."  I can't remember exactly what Rocky meant by that, but it sounds bad--I vaguely recall that this reality could play havoc with deserialization efforts on the part of the client or server.  Apparently, the DCS includes a constructor overload where you can force the serializer to preserve the object graph shape, but that can apparently get sticky.

He then moved on to the Net Data Contract Serializer (NDCS).  The NDCS has the ability to serialize more complicated domain objects, but, if I recall correctly, it comes at the sacrifice of interoperability.
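An added example (not code from Rocky's session or from the original post) showing what the opt-in and opt-out attributes each put on the wire, and what "graph shape" means for the Data Contract Serializer. The class names and sample values are constructed, and `DataContractSerializerSettings.PreserveObjectReferences` (.NET Framework 4.5 and later) is used here in place of the constructor overload mentioned above.

```csharp
using System;
using System.IO;
using System.Runtime.Serialization;
using System.Text;

// Opt-in: only members marked [DataMember] are written.
[DataContract]
public class ContractCustomer
{
    [DataMember] public string Name;
    public string PasswordHash;                  // no [DataMember]: stays off the wire
}

// Opt-out: every field is written, private ones included,
// unless it is marked [NonSerialized].
[Serializable]
public class SerializableCustomer
{
    public string Name;
    private string passwordHash;                 // not excluded: goes over the wire
    [NonSerialized] private string sessionToken; // explicitly excluded

    public SerializableCustomer(string name, string hash, string token)
    {
        Name = name; passwordHash = hash; sessionToken = token;
    }

    public bool HasSecrets() { return passwordHash != null && sessionToken != null; }
}

[DataContract]
public class Address { [DataMember] public string City; }

[DataContract]
public class Order
{
    [DataMember] public Address BillTo;
    [DataMember] public Address ShipTo;
}

public static class WireDemo
{
    // Serialize a graph and return the XML that would be sent.
    static string ToXml(object graph, DataContractSerializer dcs)
    {
        using (var ms = new MemoryStream())
        {
            dcs.WriteObject(ms, graph);
            return Encoding.UTF8.GetString(ms.ToArray());
        }
    }

    // Serialize and deserialize, as a client and server pair would.
    static T RoundTrip<T>(T graph, DataContractSerializer dcs)
    {
        using (var ms = new MemoryStream())
        {
            dcs.WriteObject(ms, graph);
            ms.Position = 0;
            return (T)dcs.ReadObject(ms);
        }
    }

    public static void Main()
    {
        // Constructed sample values, not real credentials.
        const string hash = "constructed-hash-value";
        const string token = "constructed-session-token";

        var optIn = new ContractCustomer { Name = "Bill", PasswordHash = hash };
        string optInXml = ToXml(optIn, new DataContractSerializer(typeof(ContractCustomer)));
        Console.WriteLine("opt-in XML contains hash:   " + optInXml.Contains(hash));

        var optOut = new SerializableCustomer("Bill", hash, token);
        string optOutXml = ToXml(optOut, new DataContractSerializer(typeof(SerializableCustomer)));
        Console.WriteLine("opt-out XML contains hash:  " + optOutXml.Contains(hash));
        Console.WriteLine("opt-out XML contains token: " + optOutXml.Contains(token));

        // Graph shape: one Address instance referenced from two members.
        var shared = new Address { City = "London" };
        var order = new Order { BillTo = shared, ShipTo = shared };

        var plain = new DataContractSerializer(typeof(Order));
        var preserving = new DataContractSerializer(typeof(Order),
            new DataContractSerializerSettings { PreserveObjectReferences = true });

        Order a = RoundTrip(order, plain);
        Order b = RoundTrip(order, preserving);
        Console.WriteLine("default keeps shared Address:    " + ReferenceEquals(a.BillTo, a.ShipTo));
        Console.WriteLine("preserving keeps shared Address: " + ReferenceEquals(b.BillTo, b.ShipTo));
    }
}
```

The opt-out type writes its private hash field unless it is marked `[NonSerialized]`, while the opt-in type omits anything left undecorated. With the default settings the receiver gets two separate `Address` copies; with reference preservation it gets one shared instance, at the cost of serializer-specific id/ref attributes in the XML.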

Session: Windows Presentation Foundation-Based UI: What We've Learned So Far and What's Still to Come
The session was presented by Dr. Gil Hupert-Graff of Beyond UX.  This was another one of those touchy-feely type presentations--or maybe my design skills are so poor that I don't know a good design presentation when I see one.  At any rate, the good doctor walked through a few demos of applications his company built for clients--applications with a UI/WPF/whiz-bang emphasis.  He then went into his company's experimentation with the intersection of design and development--where the scope of the designer ends and the developer's begins.

Expression Blend makes this intersection even more interesting because it can be both a design and a development tool at the same time (of course, it also serves as a tool equally hated by most designers and developers).  Gil discussed how his team has used story boards to lay out a UI and then used a combination of Photoshop and Blend to make the story board a reality.  He also laid out some interesting workflows of when and where the designer does work and when and where the developer picks up the remaining tasks.

Session: Jump in the Car and Race to the Airport
Well, I had to cut out a little early to make my flight.  Overall, the TechEd experience was a good one and going back over all my notes was a good refresher--a tough task, to be sure, but a useful one.  I'm looking forward to getting the DVDs and, hopefully, all the demo code.  I'm also looking forward to finishing building out my new machine (inspired by this and this), so I can really start digging into WPF and Silverlight2, among other technologies.

Categories: Technology Blog
Posted by Brad on Tuesday, July 22, 2008 12:00 AM

TechEd08 Notes: Day 3

Session: Making your test lab obsolete with Test Test and Virtualization
Mike Azocar (here, too) conducted this presentation.  As the title suggested, Mike spoke from a completely Microsoft tools-oriented perspective (so, if you have a couple grand more for Team Edition Tester and some of Microsoft's virtualization products, have at it); nevertheless, I hoped to get a few nuggets of wisdom out of this talk.

Mike discussed Microsoft Hyper-V--near as I can figure, the console for managing your virtual machines in Windows Server 2008--and System Center Virtual Machine Manager (VMM), yet another tool from Microsoft for managing virtual environments.  What's the relationship between these two technologies?  My guess is that Hyper-V is the new and improved VMM for Server 2008, but that's just my guess.

So, Mike talked about authoring tests in Visual Studio Team Edition Tester and then using TeamBuild and VMM for launching virtual machines within which you can test your product.  Mike's presentation seemed to stop at the point of firing up the VM, implying that you then deploy your application to a given VM and begin manually testing in said VM.  I say phooey on that: I want to automate as much as possible.  If I spent money on Team Edition Tester and spent time writing integration tests in the tool, I'd want to leverage that automation in the VM, too.  Fortunately, you can do this.  Mike said that you simply change the URLs used by the integration (web) tests to that of your deployment in the given VM.  Again, is this a manual change or can this alteration be automated, too?  I assume that the Team Tester integration tests store the URLs being tested in some sort of config file, so I suspect that with a little bit of work, one could author some MSBuild/TeamBuild script to alter the web test URLs to point to the deployment in the VM.

The biggest gem I got out of this presentation was a quick five minute aside by Mike describing how VMM spins up a new VM: apparently, it uses Powershell to do this.  Sweet.  Mike quickly flashed one of these scripts and I scribbled down two cmdlets:

  • get-VM
  • get-dvddrive

Hmm.  I wonder where I can get these cmdlets?  Mike wasn't sure, but he said that there are a few communities out there on CodePlex and the rest of the inter-tubes where I would likely be able to find them (I suspect, though, that they're really part of the VMM installation).  I also caught a brief glimpse of the MSBuild/TeamBuild script Mike was using to power the build and test deploy of his demo app.  It included this line:

<exec command="xcopy..."/>

So, in a post build event, Mike is shelling out to xcopy to deploy his solution to the VM.  No magic there.

As I've said before, some day I'd love to see some innovative presenter(s) take many of these TechEd presentations and add the subtitle, "On the Cheap."  Thus, how would one approach "Making your test lab obsolete with XX and Virtualization...On the Cheap"?  I would think you would author your integration tests with something like WatiN, WatiR, and/or Selenium.  For the virtualization piece, you're likely not going to get away from the expense of VMM or VMWare--but, what are you gonna do?  For the glue in-between, Mike's given me some clues for constructing an MSBuild script for deployment (no TeamBuild 'cause TFS costs money and, anyway, my company thinks ClearCase solves everything from source control to world hunger) and for constructing a Powershell script for spinning up a VM to host my test deployment.  Good enough for now.

Session: Data Access Layer: Architectural Concerns for Object/Relational Mappers (O/R-M) with Examples in NHibernate
Last year, I attended a BOF moderated by Jeff Palermo, but not a session.  I didn't know what I missed until I attended this one.  Man, Jeff's a really dynamic speaker.  That really helps, too, when you've hit midmorning and you're coming down from your early morning coffee binge.

On a side note, he filled the pre-session dead air with a music montage including the fantastic Code Monkey.  If he were accepting requests, I would have suggested Web 2.0 Bubble or the non-musical but still entertaining New Media Douchebag.

So, the general point of Jeff's presentation was about making separation of concern decisions in your architecture so as to abstract away your Data Access code for better testability, maintenance, and upgrade (switching to newer, better, or alternative technologies).  This session was vaguely reminiscent of Paul Sheriff's From Zero to N-Tier presentation that I discussed previously, but Jeff had lots of great examples around loose coupling (dependency injection) and unit testing.  One thing I found interesting was his terminology for the different layers of an application.  I noticed this terminology used by other presenters at the conference, too.  Maybe it's time I update my lingo:

Jeff's Terminology  | Mine
User Interface (UI) | UI
Core                | Business Layer (BAL)
Infrastructure      | Data Layer (DAL)


Jeff strongly suggested reading the book Domain Driven Design by Eric Evans.

Jeff is another one of these types--like Scott Hanselman and Scott Cate as previously noted--who likes to code for most of his presentation.  Actually, come to think of it, his demo was largely completed prior to the presentation--he just navigated around his demo the majority of the time (which was still much better than just staring at Powerpoint slides).  And, like Scott Cate, he was kind enough to share his demo code (and code from other presentations) on his Google Code page.

Another aspect that attracted me to Jeff's presentation was his use of NHibernate in his presentation.  Finally, a presentation that doesn't toe the full Microsoft line (or maybe I should just be thankful that Entity Framework hasn't shipped yet).  He made some pretty good use of NHibernate, too, particularly in his unit tests.  Another novel convention was his use of StructureMap in his demo code--now that's pretty audacious of Jeff, considering that Unity Framework has been RTMed.  What's going to happen next--use NUnit instead of MSTest?  Perish the thought!

Session: Building Data Visualization Applications with the Windows Presentation Foundation
Up till now, I've been rather successful at avoiding these new user interface technologies--I've always considered myself more of a coder than designer, anyway (or at least I acknowledge that I stink at UI design).  However, there seems no escaping the UI borg, so I thought I'd at least let Tim Huckaby assimilate me.  Besides, I've always enjoyed his conversations on .NET Rocks.

Tim just powered through his presentation with example after example.  He kicked things off with a demo of his famous Cancer application.  The Cancer application was a WPF application on top of a Sharepoint platform.  It was pretty awesome.  The WPF UI would display molecules in 3D and allow the user to rotate them around, do annotations, and more.  The .NET Rocks guys interviewed Tim on the application last year and Tim said that other developers have adapted the application for other purposes, like CAD work.  Tim showed those adaptations off a little, too.

Next, Tim went through a series of demos of different third party controls designed for use with WPF.  Very cool stuff, but, of course, they ain't free.

For one of his final demos, Tim brought up two guys from...uh...er...well, the name of the company escapes me and I didn't write it down.  Not important anyway.  The company writes software for casinos; Tim had them demo one of their latest solutions--a really cool application that acted like its own mini desktop.  It had this cool, animated wallpaper in a frame with different icons on it representing different applications.  They launched one of these icons to reveal an application that collected and analyzed data from the different games and slot machines on the casino floor.  What I found most interesting about the application--aside from its already innovative use of WPF--was a button labeled 3D.  The developers said they had one requirement that they just couldn't seem to accommodate with WPF--their client wanted a feature in which a user could walk through the casino floor virtually in 3D.  According to the developers, WPF couldn't deliver on this, so they went to Plan B: XNA.  They somehow rigged up their WPF application so that it could shell out to an XNA application representing a 3D model of the casino floor.  Really cool.

Tim wrapped up with a few reading recommendations--well, one that I wrote down, anyway.  WPF Unleashed by Adam Nathan.  He also posted up links to most of his presentation on his blog.

Session: Separation of Concerns: New Practices for Decreasing Coupling and Raising Cohesion
The presenter for this session was French Canadian Mario Cardinal.  Although he had an outrageous accent, his presentation was a good, all-purpose push for separation of concerns via Dependency Injection, the use of interfaces to better decouple implementation details, etc.  Overall, my biggest take away from this presentation was the fact that Mario was basically echoing the same story line that Jeff Palermo delivered earlier today and that I heard from Juval Lowy two days before: separating your logical layers by interface is a good design approach.  It's good to hear this message coming from multiple, independent sources.

Mario talked about two ways of transferring object "instantiation to an external party": a pull approach via indirection and a push approach via inversion of control.  Indirection is characterized by factories, registry, and a construct commonly called the Service Locator.  These helper constructs commonly use reflection to load up the proper implementation instance, but one thing to note about this approach is that the "service locator must be visible [to] every object."  I guess that means that every object served up by a Service Locator must reference this helper construct?  I can see how that would be bad if you decide to later swap out your current Service Locator with another.  Inversion of Control/Dependency Injection apparently has a better decoupling story but introduces more complexity (as evidenced by this increasingly ambiguous blog post).  Mario seemed to fall on the IoC/DI side of the fence for the most part, showed some examples, and then talked briefly about some of the available DI frameworks (and stressed that you shouldn't write your own):


Pulling back slightly, Mario talked about the logical layers in general and identified these four basic layers:

  • Presentation - contains the views
  • Application Model - contains the controllers
  • Domain Logic - contains the work of the business domain
  • Infrastructure - provides services to communicate with external infrastructure (configuration, persistence, logging, caching, security)

The terms sound vaguely similar to the terminology Jeff Palermo was using in his presentation earlier in the day.  Mario also mentioned how the thoughtful construction of namespaces can help promote better decoupling and how tools like NDepend can be used to determine architectural violations.

Session: Architects: How are they made?
I generally try to avoid touchy-feely, non-technical discussions, opting for sessions with real technical meat.  To me, I'd rather know all my technical options to solving a problem--I feel like I'm pretty good at figuring out how to piece together all the different bits into something coherent and effective.  Nevertheless, this session was put on by Rocky Lhotka--someone whose opinion is well respected and someone who takes a very practical approach to technology and architecture.  So, I thought I'd give it a go.

Actually, the session made for a good end-of-day talk: not too many details to focus on; just a conversation around the dynamics of software architecture and design.  Rocky started by giving us a bit of his resume, so as to give us some context as to how he has developed his opinions regarding software architecture.  Boy, does he have a lot of experience.  Sometimes, it might be nice to hear other speakers outline their career path and their usage of whatever it is they're presenting on so that we can put their statements in a better context (I would say the same for the idiot talking heads on the nightly news, but that's a post for a different blog).

Rocky identified three main categories of architects:

  • Application Architect
  • Enterprise Architect
  • Systems Architect

Interestingly, these types map roughly to what we've talked about in the Architecture Special Interest Group at the Cincinnati .NET User Group.  Rocky went on to outline several personality types of architects.  These include:

  • The Rock Star
  • The Artist
  • The Daredevil
  • The Carpenter
  • The Strategist
  • The Guard

Each type brings unique opportunities and baggage.  Some, like the Rock Star and the Daredevil, bring an improved speed-to-market ratio, but tend to introduce a certain level of instability in the solution, development team, or both.  Others, like the Carpenter or Strategist, bring a lot of thought and planning to the architecture process, but can sometimes sit and ponder for too long.  I feel like I'm too much of a Strategist when it comes to solving many problems, including my .NET to JMS problem--do I continue with a monolithic wrapper around the Tibco API?  Do I jump on an open source offering like Spring.NET or NMS?  Do I write my own adapter for WCF (like IBM did for MQ Series--which begs the question, where is Tibco on this one)?  What do I do...what do I do?  Let me sit and strategize some more.

Session: Party at Universal Studios
After another long day of learning more cool technologies--don't you just feel sorry for us?--Microsoft rewarded us conference attendees with a night at Universal Studios.  Art, Jay, and I enjoyed a good night of food, beer, and rides.  Probably the highlight of the evening was the Simpsons ride, where I think I spent half the time laughing at Art's chortles.  The Men In Black ride was fun, too--I still don't know how Jay got double my score, though.

Categories: Technology Blog
Posted by Brad on Thursday, July 03, 2008 4:13 PM

TechEd08 Notes: Day 2

Session: Making Security Testing Part of Everyday Development
Wednesday began with a bang!  If I had my doubts about dubious presentations on the first day of TechEd, this Wednesday morning presentation removed them.

Tom Gallagher of Microsoft presented on security testing using real-life examples (including security vulnerabilities found in that darn Clippy).  Tom constructed his presentation around five tips.

Tip 1: Think maliciously
For this tip, Tom talked about an old Microsoft service called Free/Busy.  Part of the service allowed users to send email invitations from a Microsoft web page.  Thinking maliciously, Tom showed how you could easily insert HTML into the body of the message that could execute malicious actions on client desktops.  He also showed how that feature could be exploited for phishing attacks.  After all, the sender does say microsoft.com.  

Tip 2: Identify entry points
I don't remember Tom's example for this one, but here's a list of tools he brought up to help you identify entry points to an application:

  • netstat (the -anb argument will show all active connections)
  • Microsoft's network monitor v3.0
  • ViewPlgs (identifies protocol handlers)
  • File Extensions association - this tool shows file extensions and the application to which they are mapped.  Also, certain extensions can be marked as "automatic download," meaning that when you click on a file with such an extension in your browser, it will automatically start to download.  This could be potentially dangerous.
  • Process monitor

Tip 3: Understand related attacks
For this one, Tom mentioned the phrase, "same bug, different app."  So, this tip seemed to be about recognizing security flaws common across many applications: your application could be just as susceptible as its peers.  In his example, Tom used the name value Bill O'Henry.  O'Henry should be a valid last name; however, your application should be careful to ensure that the single quote value is not a setup for a SQL injection attack.
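Tom's O'Henry case as an added example, not code from the talk or from the original post. An in-memory `DataTable` filter stands in for the SQL database (an assumption, so the code runs offline), and the method names and sample rows are constructed for illustration.

```csharp
using System;
using System.Data;
using System.Linq;

public static class QuoteHandlingDemo
{
    static DataTable BuildCustomers()
    {
        var t = new DataTable("Customers");
        t.Columns.Add("LastName", typeof(string));
        t.Columns.Add("City", typeof(string));
        t.Rows.Add("O'Henry", "London");      // constructed sample rows
        t.Rows.Add("Smith", "Leeds");
        return t;
    }

    // Pattern 1: splice the input into the query text.
    // A quote inside the input ends the string literal early,
    // so the input is parsed as part of the query, not as a value.
    static int FindByConcatenation(DataTable t, string lastName)
    {
        return t.Select("LastName = '" + lastName + "'").Length;
    }

    // Pattern 2: refuse any input that contains a quote.
    // The query stays intact, but legitimate names are rejected.
    static int FindWithQuoteBan(DataTable t, string lastName)
    {
        if (lastName.Contains("'"))
            throw new ArgumentException("single quotes are not allowed");
        return FindByConcatenation(t, lastName);
    }

    // Pattern 3: keep the input a value and never turn it into query text.
    // Against a real database this is the role a SqlParameter plays.
    static int FindAsValue(DataTable t, string lastName)
    {
        return t.Rows.Cast<DataRow>()
                .Count(r => (string)r["LastName"] == lastName);
    }

    // Run a lookup and report either the row count or the exception type.
    static string Describe(Func<int> lookup)
    {
        try { return lookup() + " row(s)"; }
        catch (Exception ex) { return "failed with " + ex.GetType().Name; }
    }

    public static void Main()
    {
        DataTable customers = BuildCustomers();
        const string input = "O'Henry";       // the valid last name from the tip

        Console.WriteLine("concatenated: " + Describe(() => FindByConcatenation(customers, input)));
        Console.WriteLine("quote ban:    " + Describe(() => FindWithQuoteBan(customers, input)));
        Console.WriteLine("as a value:   " + Describe(() => FindAsValue(customers, input)));
    }
}
```

Only the third form finds the customer: the first fails with a syntax error because the quote changes the structure of the filter, and the second turns away a legitimate name.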

Tip 4: Deeply understand/test the application
For this tip, I wrote down the quote, "always assume people have your code."  We know that .NET code is generally easy to disassemble with tools like .NET Reflector, so, it seems reasonable to make such an assumption.  I wrote down two tools--LogView and Web Proxy Editor--next to this tip in my notes, but I don't recall what value they added to the tip.

Tip 5: Leverage existing tools
To me, this is always one of the more interesting discussions in the security testing space--what tools, particularly free tools, are available to aid you in testing your applications for security vulnerabilities.  Tom began by talking about fuzzers and fuzz testing.  Then he dove into a long list of tools.  Sorry, but I have no links or definitions of these tools--I list these here as a placeholder for later research:

  • Debugger
  • SQL Profiler
  • XSS Detect
  • MITM TCP Proxy
  • Looking Glass
  • Peach (a type of fuzzer)
  • WinDbg

So much to learn, so little time.

Session: Pragmatic Architecture: Presentation
I wanted to make sure to catch a Ted Neward presentation: I've found some of his opinions interesting after hearing him on .NET Rocks and reading his blog.  So, I caught his session on Pragmatic Presentation Architecture.  It was another presentation held in one of those frightful theaters--I made sure I got there in plenty of time to get a seat which was a good thing since the session was soon packed to capacity.

Of the few conferences I've attended, I usually go with the hope of picking up new approaches in code and other technical details that I can later apply to my problems at work.  Thus, when I wind up sitting through a presentation that discusses higher level challenges than just the technical details, I get a little crestfallen.  Certainly, there's a time and place for discussing and embracing these "softer skills" and I probably should develop a better attitude toward such studies.  However, there are only so many hours in a day (and conference) and I'd prefer to spend the majority of that time in the bits and bytes.  

Anyway, Ted's presentation was one of these higher-level type discussions.  What are the important facets to consider when architecting a presentation layer of a solution?  Ted postulates at least five points of consideration:

  1. Style - should we seek a graphical solution or simply a command line interface?
  2. Implementation - how will the presentation layer be implemented: through code, markup, something else?
  3. Perspective - UI requirements might change based on the role of the user.  This can be an important consideration in the architecture.  Reporting can also be a factor here.
  4. Cardinality - a UI can be composed of a number of unique elements that interact with each other at some level.  The term "mash-up" fits in this space.
  5. Locality - are UI resources remote (server-side code, web services), local (desktop, client-side code), or some hybrid in between?

That's all I have to say about that.

Session: ACE Performance Testing and Tuning Methodology Using Microsoft Visual Studio Team System 2008 and the Latest Microsoft Tools
The Assessment Consulting & Engineering (ACE) team is one of the consulting wings of Microsoft.  Edmund Wong of the ACE team conducted the presentation (I couldn't find any blog by Edmund, but here's the ACE team blog).  

Performance testing and tuning is certainly one of the less sexy topics in software development, but understanding how to squeeze more performance out of your application can be an incredibly powerful skill.  Edmund began by identifying three main objectives of the ACE team regarding performance tuning:

  1. Resolve single user problems.
  2. Remove stress related problems.
  3. Perform capacity testing and planning.


As is typical of most of these kinds of presentations, Edmund used Microsoft tools in his demonstrations: namely, Visual Studio 2008 Team Edition Tester and the Web and Load test tools therein.  Some day, I'd like to see someone duplicate many of these TechEd sessions but add the subtitle, "On the Cheap."  Thus, the question would be, how could I perform similar performance testing and tuning not with Team Edition Tester, but, rather, with any available open source tools?

Anyway, Edmund walked through the different reports and graphs produced by Team Edition Tester and highlighted some of the metrics he considers important including performance counters, SQL trace information, and IIS log information.  He did mention some free tools he's used including SQL Performance Dashboard (I think this is it) and wcfTrace (or maybe he meant WCF Load Test since I couldn't find a tool called WCF Trace).  He also pointed out the team's Performance Testing Guide.

The one thing I really wanted was an Excel spreadsheet he kept referring to that had recommended thresholds for certain performance metrics (e.g. a well tuned application running on a single web server of X specification should be able to serve Y requests per second).  I've searched long and hard for such pronouncements from any relatively respectable organization and always came up empty.  Here, in front of me, was the very document I've been looking for.  Of course, Edmund assured everyone that the spreadsheet would be available alongside the Powerpoint presentation in the TechEd website, but I've looked several times and have only found the Powerpoint.  Maybe I'll hold my breath until the DVDs come out...or maybe Edmund was just yanking my chain.

Session: Jumpstart Data Driven Web Applications with ASP.NET 3.5 (Part 1 of 2)
Well, I had to get in at least one Scott Hanselman session, so this was it.  Scott suggested a possibly better title for this session could have been, "Stuff with Data isn't as hard as before."  
Scott began the discussion by identifying where we are today: with lots of data access code based on strings and "loose binding" that can't be checked at compile time (nor do we get any intellisense).  He called this paradigm "tunneling".  For example:

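    // Requires: using System; using System.Data.SqlClient;
    SqlConnection c = new SqlConnection(...);   // connection string elided in the original
    c.Open();
    SqlCommand cmd = new SqlCommand(
        @"SELECT c.Name, c.Phone
            FROM Customers c
            WHERE c.City = @p0", c);
    // The value travels as a parameter, separate from the SQL text.
    cmd.Parameters.AddWithValue("@p0", "London");
    SqlDataReader dr = cmd.ExecuteReader();
    while (dr.Read())
    {
        string name = dr.GetString(0);
        string phone = dr.GetString(1);
        // Ordinal 2 is not in the SELECT list: this compiles but throws at run time.
        DateTime date = dr.GetDateTime(2);
    }
    dr.Close();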

He then showed how you could achieve better results--compile-time checking, strong typing, etc.--with LinqToSql.  For example:

    Northwind db = new Northwind(...); // Northwind being a LinqToSql object
    var contacts =
        from c in db.Customers
        where c.City == "London"
        select new { c.Name, c.Phone };



The next topic that sparked my interest was his discussion of the new ListView control in ASP.NET 3.5.  He ran through some pretty sweet examples on how to change the look and feel of this control (more examples here).  Another new control he covered was the LinqDataSource control: used to bind LinqToSql queries to data controls.

Overall, though, the topic that really blew me away was his discussion of the new ASP.NET Dynamic Data.  ASP.NET Dynamic Data is Microsoft's adoption of the concepts of scaffolding and templating that I've seen in Grails and, from what I've heard, is a component of Ruby on Rails although I've spent almost no time in that technology (sorry Ruby folks, but there are only so many hours in the day).  The framework will roll out with .NET Framework 3.5 SP1 which is still in beta.  Don't know if I can wait for the RTM, so I might have to work on spinning up a throw-away VM in which I won't feel uneasy about installing a beta service pack.

On a side note, Scott and many other presenters (myself included), take an approach where they like to spend the majority of their presentation time in the IDE writing code.  This is a fantastic way to spend the presentation time because presenters are forced to prove the veracity of their claims and because the attendees get to see real implementations--not just abstractions on a Powerpoint slide.  The downside of this is that, unless you take meticulous notes (or the presenter supplies the code he wrote), when you review the presentation deck days or weeks or months later, you're going to forget virtually all the concepts discussed.  You'll simply have a deck with several slides saying, "demo here".  Personally, the way I try to combat this problem when I do a presentation is to make sure I take snapshots of key portions of the demo code and paste them on slides in the deck--many times annotating those images with circles, lines, and other notes pointing out the key pieces (I also try to provide my sample code along with the slide deck).  That way, someone reviewing the presentation later on can get most of the concepts by simply thumbing through the slides.

Unfortunately, Scott's deck was riddled with "demo here" slides and no code was available for download from the TechEd site (maybe it will be available when the DVDs come out).  That, plus my sparse notes means that I don't have as much content to share on this session as I'd like.

Session: Microsoft Visual C# Compiler Tricks
Scott Cate did this presentation.  Last year, Scott did a great presentation at the Cincinnati .NET User Group on Model-View-Presenter.  

When I saw the title of this presentation (and like every other presentation, failed to read the abstract), I thought Scott would walk us through interesting approaches to compiling your .NET code from the command line with csc.exe.  Perhaps we'd even get into an interesting Domain Specific Language discussion which requires you to do some interesting compiler tricks to get the compiler to understand your made-up language (for example, this).

Scott immediately dismissed these theories: on the contrary, we would be working entirely in the IDE in .NET 2.0 and perform tricks to retro-fit some of the new features of .NET 3.5 back into a purely .NET 2.0 application.  Hmm.  Sounds interesting.  Not sure that I would want to do that in my business applications, but I'll bite.

Scott then went on an interesting tour of ways you can force the .NET 2.0 compiler to allow you to use certain .NET 3.5 syntax.  One of these is the Extension method.  Scott referenced this blog post from Daniel Moth and walked through the example.  One cool thing Scott did was to make sure his compiled DLLs would appear in Solution Explorer of Visual Studio and associate the DLLs to .NET Reflector so that you could easily see the IL code generated by the compiler.

Scott continued to talk about some other features of .NET 3.5 that you could refactor back into your .NET 2.0 code, but that's where my notes start to go fuzzy.  I wrote down Lambda expressions and Linq to SQL and Linq to XML, but now I'm not really sure what I meant to say about those topics.  Fortunately, Scott has been kind enough to post his slide deck and his example code.  (Scott Cate, like Scott Hanselman, is one of these guys who likes to live in the IDE for most of his presentation time, usually beginning with a blank page and coding until he can successfully convey his message.  Thankfully, Scott Cate has pushed up his demo code to the inter-tubes.)

Session: Beer and Mexican Food
I was fortunate enough to find out the Friday before TechEd that my pals Jay and Art would be attending the conference, too.  I've worked with both Jay and Art to a limited degree at my company.  Both live and work in different states.  I met Jay once but never met Art face-to-face, so I was looking forward to hanging around with the two during our week in Orlando.  The TechEd sessions kept the three of us very busy, but we found a bit of a break Wednesday evening (before the Birds of a Feather sessions) to catch dinner at a local Mexican restaurant and catch up on our different activities in our work and personal lives.

Birds of a Feather Session: Microsoft .NET Framework-Based Application Hardening
Art, Jay, and I spent too much time chowing down tacos and we ended up missing the first session of the BOFs.  Frankly, few of the sessions in that first hour seemed very appealing, anyway.  I probably would have taken in either Design for Testability or Dynamic Language and the DLR, but wasn't really upset that I missed either.  In contrast, the next set of BOFs had me at a six-way tie for which session I would attend (if only human cloning were a viable option).  Would the lucky winner be:

  1. ASP.NET vs. MVC.  What's your take?
  2. Top Considerations for Ensuring Microsoft .NET Framework Based Application Manageability
  3. Making Sense of All: Heterogeneous Data Access on the Microsoft .NET Framework 3.5
  4. Patterns and Practices in the Real World
  5. Code Style and Standards
  6. Microsoft .NET Framework Based Application Hardening


Hmm.  Hard decision.  Since, in many ways, my team at work is kind of like a mini Patterns and Practices team, let's try that one.  Well, as I said, we had been busy chowing down tacos and, as a consequence, were about 10 minutes late to the second set of BOFs.  When we tried to enter the Patterns and Practices in the Real World session, we were turned away at the door by the TechEd staff: "this session is already full."  Ok.  Now I'm down to a five-way tie.  Well, security is an oft-overlooked topic at my company (at least from the development perspective), so let's attend that one.  So, Art and I went to the Microsoft .NET Framework Based Application Hardening; Jay proceeded to a different session.

For a while, I have been keenly interested in the concept of .NET application hardening.  Usually when I hear the term hardening, it's used in a kind of CISSP where security professionals spend time analyzing and locking down network peripherals and server operating systems.  In the .NET space, we hear about ways to prevent SQL injection and cross-site scripting attacks, but there seems to be a large gap between a hardened OS and application code written to avoid certain kinds of attacks.  I'm thinking mainly of what can be done at the machine.config and web.config levels to harden a .NET application.  

It seems to me, the largest consideration in this space is Trust Mode, but I'm sure there are other considerations, too (machine validation key?  code access security?).  Microsoft generally recommends that web servers hosting Internet-facing applications or serving as a shared hosting environment for different applications run in Medium Trust mode (see Stefan Schackow's book, Professional ASP.NET 2.0 Security, Membership, and Role Management, for a good reference on Trust Mode and other ASP.NET 2.0 security considerations).  I do know that Microsoft does have their Security Development Lifecycle (SDL) guidance, but I have not found the time to work through those tools--maybe this BOF would cover that guidance, too.

So, my hope for this BOF was to discuss all the various hardening options that lie between the operating system and your C# code and, as pertains to Trust Mode, are there relatively easy ways to test your application under Partial Trust?  I would hope that the answer is not--install your app on a development server running in Medium Trust and do your testing there.  Rather, I would hope that by now there are ingenious ways to test your application in Medium Trust right on your development workstation.  Could NUnit do this or would you have to do this as part of your integration tests and make sure to set your trust level to Medium in your web.config before running your tests?  It would be nice if there were some button you could flip to suddenly run debug code in Medium Trust, but that may be asking too much.
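One way to exercise code under a restricted grant set on a development workstation, as an added example that is not from the BOF session or the original post: the .NET Framework's sandboxed `AppDomain.CreateDomain` overload runs a type with only the permissions you hand it. The `FileReadProbe` and `PartialTrustSandbox` names are hypothetical, and the grant set is a constructed approximation (execute plus read access under the application directory), not the exact ASP.NET Medium Trust policy.

```csharp
using System;
using System.IO;
using System.Security;
using System.Security.Permissions;

// Hypothetical probe type. It runs inside the sandbox and reports whether
// a file read was permitted. Deriving from MarshalByRefObject lets the
// full-trust caller invoke it across the AppDomain boundary.
public class FileReadProbe : MarshalByRefObject
{
    public bool CanRead(string path)
    {
        try
        {
            File.ReadAllText(path);
            return true;
        }
        catch (SecurityException)
        {
            // The CLR refused the FileIOPermission demand.
            return false;
        }
        catch (IOException)
        {
            // The demand succeeded; the file is simply missing or locked.
            return true;
        }
    }
}

public static class PartialTrustSandbox
{
    // Builds an AppDomain whose code may execute and may read files under
    // appBase, and nothing else. Assumes .NET Framework (2.0 or later).
    public static AppDomain Create(string appBase)
    {
        AppDomainSetup setup = new AppDomainSetup();
        setup.ApplicationBase = appBase;

        PermissionSet grant = new PermissionSet(PermissionState.None);
        grant.AddPermission(
            new SecurityPermission(SecurityPermissionFlag.Execution));
        grant.AddPermission(new FileIOPermission(
            FileIOPermissionAccess.Read | FileIOPermissionAccess.PathDiscovery,
            appBase));

        // No strong names are passed, so no assembly in the sandbox is
        // exempted from the restricted grant set.
        return AppDomain.CreateDomain("PartialTrustSandbox", null, setup, grant);
    }
}

public static class Program
{
    public static int Main()
    {
        string appBase = AppDomain.CurrentDomain.BaseDirectory;
        AppDomain sandbox = PartialTrustSandbox.Create(appBase);
        try
        {
            FileReadProbe probe = (FileReadProbe)sandbox.CreateInstanceAndUnwrap(
                typeof(FileReadProbe).Assembly.FullName,
                typeof(FileReadProbe).FullName);

            // Constructed sample paths: one under the application directory,
            // one outside it.
            string inside = Path.Combine(appBase, "constructed-sample.txt");
            string outside = Path.Combine(
                Environment.GetFolderPath(Environment.SpecialFolder.System),
                "drivers\\etc\\hosts");

            bool insideOk = probe.CanRead(inside);
            bool outsideOk = probe.CanRead(outside);
            Console.WriteLine("inside app dir allowed:  " + insideOk);
            Console.WriteLine("outside app dir allowed: " + outsideOk);

            // Exit code 0 only when the sandbox behaves as configured.
            return (insideOk && !outsideOk) ? 0 : 1;
        }
        finally
        {
            AppDomain.Unload(sandbox);
        }
    }
}
```

The same `PartialTrustSandbox.Create` call can be made from a unit test fixture, with the code under test instantiated inside the sandbox in place of the probe.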

Anyway, the first thing I noticed as I walked into the room was that there were only six people in attendance--two of whom were the moderators and one who was merely an INETA representative.  As soon as Art and I sat down, one of the moderators turned to us and asked us our thoughts on .NET application hardening.  Not blinking, I launched into my diatribe of thoughts on the topic (some of which I've listed above).  Shortly after I began my monologue, two of the attendees left the room.  I'd like to think they were just leaving so that they could get a fresh start on the next day's activities, but we all probably know the real reason.

When I finally came up for air, the moderators introduced themselves and their particular angle on the topic.  They were two guys from PreEmptive Solutions: the makers of Dotfuscator.  Their angle on application hardening was to ensure that your IL is sufficiently scrambled so that a malicious person cannot reverse engineer your code.  Hmm.  Hadn't really considered obfuscation in my list of hardening concerns.  It seems to me that if a malicious person made it through to the point where your IL was in danger of being reverse engineered, you were already too screwed to care about that.  Nevertheless, I guess you could call obfuscation another consideration in application hardening--certainly if you make a commercial desktop application.

The moderators also talked about the rigor with which their product has been developed.  Since a light version of .NET Obfuscator is distributed with Visual Studio, Microsoft demands that the development effort for .NET Obfuscator adhere to a litany of standards set by the SDL; so, yes, we did talk a little about the SDL, but only in terms of certifying products with the Microsoft seal of approval.  Of course, I don't see the applications I write as requiring Microsoft's security seal of approval, but who knows?  Maybe when that million dollar idea finally surfaces in my brain, I will need the SDL seal of approval.  So, now it's just a matter of waiting on my brain.  Brain?  Hello, you there?

Categories: Technology Blog
Posted by Brad on Saturday, June 21, 2008 5:29 PM

TechEd08 Notes: Day 1

Session: Taking Advantage of Microsoft Enterprise Library for Visual Studio
This session was held in one of the conference theaters: a section in the middle of the large conference area floor cordoned by 10' high cubicle walls with seating for about 50 people.  Last year, I found these venues frustrating because of all the noise around the theaters: the main conference area floor played host to not only the theaters, but to tens of booths manned by Microsoft employees on hand to answer questions about specific technologies, the lunch area, the vendor section, and a number of other noise-inducing distractions.  This year, while much of the environment remained the same, I did notice that the theaters seemed better constructed to muffle the outside noise--at least, I could hear the speakers much better this time around.  I'm sure the fact that Microsoft split the conference up into separate Developer and IT editions--reducing the attendance by about half--helped reduce the ambient noise, as well.

One problem solved.  The next problem, though, was seating.  The theaters played host to a number of interesting topics and, as a result, a number of people would show up to these sessions.  If you wanted to get a seat, you had to be at least 20-25 minutes early.  If you wanted to get some room on the carpet, you usually had to be at least 15 minutes early.  Once seat and carpet were full, forget it: you could stare through the glass wall at the back of the make-shift room, but could hear no sound.

As to my thoughts on the session on Enterprise Library?  Well, I arrived at the theater at about 5 minutes before the start of the session.  Better luck next time, I guess.

Session: Messaging, Identity, and Workflow in the Cloud
Since I couldn't attend the session on Enterprise Library, Plan B was to check out this session on Messaging, Identity, and Workflow.  I had no idea what this session was about exactly, but I've been struggling with messaging (.NET to JMS, specifically) and identity (web service authentication, to be exact) at work, so surely this session would offer some value to me in those areas.

Well, this session was all about a new offering from Microsoft: Biztalk Services.  Biztalk Services (not to be confused with Biztalk Server) is an experimental offering to foster better connectivity between service endpoints.  It includes some pretty interesting security and entitlement features to help you secure your services.  I don't see much business value here (for one, this service is an unsupported experiment), but it seems like something that might be fun to play around with.  Presenter Justin Smith played a very entertaining video involving Biztalk Services and robots--that alone made for great session material!

Session: Architect or Developer: Tips and Tricks for Guiding and Supporting Innovation
Boy, it sure would be nice to have a culture of innovation at work.  Sounds like this session is poised to offer me great advice on promoting such concepts at my company.  Unfortunately, the timing of this session gave me only 15 minutes to traverse the conference floor from my previous session, wade through the lunch line, wolf down lunch, and high-tail it to this session.  Oh, and yes, it was being hosted in one of those dreaded theaters.  Guess I'll pass on this one, too, and enjoy my pastry dessert.

Session: Writing Administration Tools for your Applications
This session was presented by Brian Randell in one of those dreaded theaters, again.  I attended one of Brian's presentations last year--don't remember the title.  However, I do remember him making an intriguing statement: something to the effect of, "since we now have Powershell, is there a need anymore to write .NET console applications?"  This statement motivated me to look harder at Powershell as an alternative hosting "UI" for my .NET binaries.  For instance, there has been a revival over the last two or three years in the separation of concerns paradigm in ASP.NET development.  Specifically, we've seen multiple, robust implementations of the MVP and MVC patterns appear recently.  One argument in favor of adopting these patterns is the code-reuse argument: that, if we properly separate the business operations of an application away from its UI, that code base can be reused elsewhere.  So, I should be able to take the code base of an ASP.NET application and front it with a Winform or WPF UI to suddenly turn the application into a desktop app.  Could I not then also take that same code base and front it with a Powershell script and turn the application into a command line driven application or even a batch-based application that I can schedule to run nightly across thousands of records?  But I digress.

Brian began his talk by quoting from the TechEd mini conference guide regarding the nature of sessions that are supposed to occur in these "interactive" theaters:

  • Small and informal (so explain why there was no room for me at the previous theaters I wanted to attend)
  • Interactive and discussion based
  • Chalk talk and white board formats
  • 30-75 minutes in length

Interactive and discussion based.  In other words, "I have no thorough presentation for you based on my research and experience.  Rather, I want to hear what you, the attendees to this session, think should be the solution."  Great.  I was really hoping Brian would share some examples of administrative tools he's written in the past, particularly with Powershell (in reference to his last year's comment).  Instead, he presented a list of important points he felt an administrative tool should address.  When I say administrative tool, I mean a tool you write to administrate your actual solution.  In my mind, this could be a tool to alter configuration settings--perhaps turn on, turn off, or somehow change diagnostic settings, change connection strings, and so on--a tool to view log information, etc.  Even though I was expecting a standard presentation on this topic, Brian still conveyed some interesting information.

He noted that the Visual Studio 2008 IDE could be deployed as a shell--without all the code editors and other tools and plug-ins you normally get with your license, I guess.  This makes sense because that's how the Team Foundation "fat client" deploys.  Normally, you access TFS from a TFS plug-in in Visual Studio; however, if you want to access TFS from a machine in which Visual Studio is not installed, you can install the TFS fat client, which is just the Visual Studio shell plus the TFS plug-ins.  Brian mentioned that one admin tool option could be writing a Visual Studio plug-in and then deploying your plug-in with the Visual Studio shell.

He mentioned that tool developers should consider the different UI options: command line, Winform, Web and even devices.  Specific technologies could include Powershell, WPF, and even the Microsoft Management Console (MMC).  On MMC, he said that for older versions, writing your snap-in was difficult.  Typically, you'd have to write your snap-in in C++ or VB6.  However, the new version of MMC, version 3.0, apparently allows for greater extensibility options.  Brian mentioned that the February 2007 Windows SDK (and greater, presumably) includes support for MMC 3.0 snap-ins and samples.  MMC 3.0 will only work on Windows XP SP2 and Vista.  Will it work on Windows 2003?  Don't know.

Other considerations could include support for COM so that admins would have the option of scripting the tool from within VBScript or JScript.  My thought: forget that.  Isn't this another reason we now have Powershell?  Someone in the crowd mentioned that Powershell templates in Visual Studio made it easier to write Powershell scripts.  I wonder if he was referring to this.

Finally, I noted some of Brian's thoughts around leveraging WMI for administrative management.  He mentioned that Visual Studio 2008 makes it easier than ever to take a look at the types of data published to WMI.  In the Server Tool, there's a node labeled as Management Classes and another labeled Management Events.  These nodes let you take a peek at the WMI world on your machine.  Right-clicking either node gives you more options.

Session: Decoupling Contract from Implementation: Microsoft .NET Interface-Based Programming End-to-End
Juval Lowy is a man on a mission: hide your implementations behind interfaces always and all the time!  And what's this crap about Microsoft's increasing use of abstract base classes?  Abstract base classes are too lenient in that deriving classes are not required to provide implementations for every method and so on.  Interfaces are the way to go.  Juval covered some very interesting tricks you can leverage for explicit implementations of interfaces and casting.  I'm definitely going to have to pull down and go over this presentation again when the TechEd media comes out. 

Session: From Zero to N-Tier in 75 Minutes
Paul Sheriff presented this session.  Paul's a fairly prolific writer in a few of the technology journals out there.  I do remember seeing his name on particular articles from time to time.

So, what is a Tier and what is an N-Tier architecture?  In most circles, technologists will tell you that a Tier is associated with a physical layer of an application.  For instance, you could host business processing components on an application server.  You would probably call that the Application Tier.  An application's database is usually hosted on a physically separated server called the Database server.  This would be known as the Data Tier.

Tier is contrasted with Layer: most technologists will tell you that a layer is a logical separation of certain components.  For instance, good development practice would insist on separating all business processing code away from the user interface.  The user interface components--ASPX pages and such--would live in a UI layer while the separate business processing code would live in a Business layer.  The Business layer itself would be further broken down such that code used to access data repositories would be separated out to yet another layer traditionally called a Data or Infrastructure layer.

So, with this kind of understanding, I was eager to see what Paul would come up with:  would he advocate an SOA approach to N-Tier architecture by demanding that all business processes live behind WCF services in an application farm?  If so, what kind of bindings would he recommend?  What kind of security would he recommend and would he discuss caching of security credentials to improve performance?  If not WCF, would he recommend .NET remoting?  I've done very little with remoting, so it would be very interesting to hear what arguments he might have for .NET remoting in a WCF world.  Aside from WCF and .NET remoting, what other considerations should we take into account when architecting a .NET, N-Tier solution?  Would Biztalk Server fit somewhere in here?

Unfortunately, Paul didn't present a discussion on an N-Tier solution.  Rather, he presented an N-Layer solution discussion.  Interestingly, he acknowledged that he knew the differences between the two terms in one of his first slides, yet his entire presentation was about taking a flat .NET solution and refactoring it into multiple logical layers. 

I found this pretty frustrating: there are hundreds of posts on the internet on how to construct an N-Layer solution.  What is not so widely discussed are the pros and cons of an N-Tier solution and recommendations for how to proceed with such an endeavor.  Here are Rocky Lhotka's thoughts on the topic (and David Hayden's).  I probably should have left and looked for another presentation--perhaps that one on multi-core development or that one on WPF data templates.  I guess I stayed hoping that he would, at some point, jump into the N-Tier discussion.  Alas, he did not.  What's more, his refactoring efforts included no discussion of interfaces, MVP, or MVC, nor did he discuss other separation concepts like ORM.  Moral of the story: don't just rely on the session title to tell you what concepts will be discussed.

Categories: Technology Blog
Posted by Brad on Thursday, June 12, 2008 10:27 PM

Back from TechEd

Overall, I found TechEd 2008 (Developer edition) a very worthwhile conference.  It introduced me to new ways of solving various software problems, confirmed many of my own conclusions of different aspects of software development, and even enticed me to learn more about certain technologies I've been deliberately avoiding (I'm thinking of you, WPF and Silverlight 2.0 beta).  It was also nice to get away from work for a short time.

When I attend conferences, I find I'm an old-school note taker: carrying around a paper notepad (even though my 100 pound laptop is nestled nicely in my backpack).  So, now I face the daunting task of transcribing my chicken scratches to digital.  My plan is to post up my notes as I get them transcribed.

One of the side benefits of conferences is the swag: t-shirts, pens, notebooks, and other more useless paraphernalia that you can get from Microsoft and other vendors.  Some vendors have drawings to give away cool prizes like X-boxes (last year, one vendor gave away a motorcycle).  Sometimes to enter these contests, you have to submit a business card.  As my company provides me no business cards, I was forced to make up my own:

 

Categories: Technology Blog
Posted by Brad on Sunday, June 08, 2008 10:40 PM

Partying with Palermo

I'll be off to Orlando in June for TechEd 2008 (Developer edition) and, now that I know what the Party with Palermo meme is all about, I'll be partying with him! This will be the second TechEd I've ever attended and the second Microsoft conference (of the pay variety) that I've ever attended, too. Hopefully, I'll come back with a head full of knowledge to fill many a blog entry.

Categories: Technology Blog
Posted by Brad on Thursday, May 15, 2008 10:22 PM