Bottom Of The Article Barrel

It happens to everyone. You pop into the grocery store to pick up some soda and head to the 10 item or less express checkout lane. The person in front of you has 25 bags of vegetables. The clerk has to do a price check on red onions. The customer can’t find their debit card. The cash register runs out of paper. Suddenly, a wormhole appears and sucks all of the employees into the vast space-time continuum. While you wait in line for hours, the store staff drinks gin and plays blackjack inside an East Cleveland speakeasy circa 1921.

I’ve been in these situations before, and I hear the people around me start to grumble as the minutes tick by. Instead of complaining, I find times like these are perfect for meditation and brainstorming, except it is difficult to concentrate around tabloid magazines. Here are some article ideas I came up with at the store, but I don’t think I’ll follow through with them in 2005.

• Embezzlement for Fun and Profit: Implement a Salami Slicing Algorithm with C#

• Biztalk Installation – The Musical

• Build A Comment Spam Engine With the .NET WebRequest Class, You Slimy Rock Sucking Twit

• Phiber & Cybergrrl: A Post Modern Love Story.

2005 Article Topics

I’ve given some thought about what I’d like to write about in 2005. I enjoy writing, and I even enjoy thinking about writing. Writing is a great way to come to grips and form opinions on a topic, and thinking is a relaxing way to pass time. I’ve thought up a list of topics I’d like to research and write about for OdeToCode next year. Here are some of the general areas.

• Interviewing
• Configuration management
• Debugging
• Patterns
• Unit testing
• Project management

How’s that for a list of vague predictions?

Perhaps I should post the top 10 articles I won’t write ...

Happy Birthday

Happy Birthday, OdeToCode. You are one year old now. I'm amazed at how well you've done in just one year. Let's see what we can pull off in 2005.

Fragile

When I was growing up, I thought I lived in the most boring place on earth. The Blue Ridge mountains in Maryland reach a humble elevation of 2000 feet (600 meters). The mountains are known for coal, and coal is relatively uninteresting – at least compared to, say, the hot magma inside of Mt. Saint Helens. As a kid, I always wanted to know what an erupting volcano would look like.

The climate in the northeastern United States is tame. Tornados are extremely rare, and I figured there was little chance of me being whisked into the Land of Oz with Dorothy. Growing up, I always wanted to save Dorothy from those flying monkeys.

Earthquakes also fascinated me. I used to picture earthquakes as making a cartoonish clean split in the ground. The ground here is rich in limestone – a soft rock. The most interesting ground features in this area are the numerous caves and sinkholes formed by erosion. Being I’m a tad bit claustrophobic, I’ve always considered spelunkers to be quite mad.

Then there is the Maryland shoreline. The waves in Ocean City are mostly small, and often cold. You won’t see any surfing championships here. As a kid, I used to look at pictures of surfers with waves towering behind them and imagine how exciting it must be to be ahead of a wave so large.

Being a little older now, I realize there are some events I don’t want to witness first hand.

Nature’s extreme forces make life look so fragile.

The Shared Folders

Tomorrow, dear reader, is not a day I am looking forward to.

Tomorrow, I’m going into the labyrinth alone. I’m heading into the shared folders.

The shared folders embody the essence of our company. They contain the past and the future - all inside of a single hierarchical structure.

A few months ago, I went into the folders, and they looked something like this:

I went to the powers that be, and asked for some insight as to the structure I found. Are the final specifications the complete specifications? Or are the complete specifications the final specifications? Do we make final specifications, then review, update, and mark them complete? Or do we make a complete set of specifications, then update, review, and mark them as final?

I suggested wikis, portals, or anything with WebDAV to make some sense of our artifacts, but the powers that be like folders. Shared folders. Shared folders with a deep hierarchy. The deeper the better.

The powers that be told me the folders would undergo a reorganization, and the latest version of specifications would be easier to find. Past versions would be put into an archive folder. “Great!”, I said. I returned to the shared folders a few weeks later to find this:

Looking at this, I feel like David Carradine’s character in the old Kung Fu series.

That is not a puzzle, Grasshopper. It is only something you do not yet know

Atkin’s Query Plan

One of our customer’s warehouses threw a fit over an extraction query this week. The query ran for two hours before we cancelled. We expected the query to run for about 5 minutes, but the database turned out to be subtly different then the testbed we use for optimizations. Here is a zoomed out view of the estimated query plan we started with:

Notice the line along the top where SQL is working hard between join steps to prepare data for the next join. After every little change to the query and indexes, I’d revisit the zoomed out plan to see if it was getting any skinner. I was thinking of calling this technique “big picture optimization”, or the “Atkins query plan”, but that’s just silly talk isn’t it? Here is a plan that finished in 4 minutes:

And with this picture of success, I’ll wish everyone reading a merry Christmas.

Even More On Static Members

Bruce brought up an important point about my MSDN article that I left understated. In order to show the full impact of the beforefieldinit flag on a type constructor, the code has to compile with optimizations.

Also, many optimizations take place with the JIT compiler, but the JIT doesn’t optimize when the app is running under the debugger. See John Lam’s post “Beware of Heisenberg effects” for in-depth coverage.

Static methods are debated regularly in the forms and newsgroups. I posted two little OdeToCode tidbits on the subject: Statics & Thread Safety Part I and Part II.

This Post Brought To You By The Letter K

When I was in school, I decided in addition to needing money I desperately needed to expand my cooking repertoire beyond grilled cheese sandwiches and scrambled eggs, so I applied to be a cook at a steak house restaurant. After three years of part time work in a kitchen, I came away knowing a lot more about meat, fish, and vegetables.

A funny thing happened along the way, and it started the day I was hired. It went something like:

Manager: So, ahhh, Kenneth. Do you prefer to go by Kenneth or Ken?

Me: Actually, I use my middle name, which is Scott.

Manager: Oh ok. Well, I’d like for you to come in for some training next Tuesday at 3. Can you make it?

Me: Yes I can!

Manager: Ok, see you then, ahhh, Ken.

Sure enough, when I arrived for training I had a brand new name tag with “Ken” emblazoned on it. I tried over the next few weeks to get a new name tag and convince people to call me Scott, but it never worked, and eventually I gave up trying.

I sort of enjoyed my alias. I’d throw on an apron and instantly transform from Scott the Student to Ken the Cook. As I worked up the ladder from making deep fried cheese to actually putting filet mignon to the flame, Ken became more of an alter ego. Ken made the best blackened prime rib in the East.

If you’ve ever worked at a restaurant you’ll know it’s actually as much of a social institution as it is a place of business. You work late hours. The dinner rush is stressful. You scream and yell at your co-workers, and to relieve the stress you pull pranks when they are not looking. You put Tabasco sauce in their ice tea, or put fish heads on their car’s hood ornament* (it’s a lot like software development, right?). All of this activity forms a close bond between people, and you end up spending time together outside of work at parties and such.

Eventually, people who knew me as Scott the Student would end up in the same room as people who knew me as Ken the Cook. At least half the people in the room would be confused when any one person was talking to me or about me. This is an awkward social situation, but geeks get used to these, or learn to ignore them completely and go about enjoying ourselves. To this day there is still a subset of people who only know me as Ken (but I never see them anymore).

Anyway, in case you ever wondered what the K stood for (and you probably haven’t, but I can always change reality to suit my needs - it's fashionable, you know), it stands for Kenneth. My parents named me after an uncle who passed away before I knew him, but they wanted me to go by my middle name of Scott.

I throw the K in front of my name here because there seem to be a plethora of Scott Allen’s around. I wouldn’t want people to confuse me with the Scott Allen who wrote ‘A comparison of the Washington Naval Arms Treaty of 1922 and the Strategic Arms Limitation Agreements of 1972’. That is not a topic I can even make conversation about at a dinner party. There is also the folk singer, the rodeo announcer, and the golf pro. We’re everywhere!

*Not that I’ve ever done this. I just heard rumors. It wasn't me. Quit looking at me like that.

Reporting Services News

Here are some miscellaneous tidbits I picked up about Sql Server Reporting Services over the weekend.

Service Pack 2

It looks as if Service Pack 2 will bring some new features to Reporting Services, including client side printing, SharePoint integration, and a new Report Viewer component. The man, myth, legend, and mid-Atlantic Developer Community Champion Geoff Snowman will deliver a webcast about the new features on January 10.

People have complained about the lack of a ‘direct print’ feature in Reporting Services since the initial release. Earlier this year it was refreshing to see Group Program Manger Brian Welcker point out in the newsgroups why there is was no direct print even after SP1:

I'm not sure where the idea that client print is "simple" comes from. Since we can't use the browser print functionality (it is horrendous), we have to create an ActiveX control that collects print settings and then talks to the server to generate EMF files that can be routed to the printer. It is certainly doable, but not trivial.

That pretty much sums up my feelings about printing in Internet Explorer, both from a development viewpoint and as a user. Will it ever get any better?

PDF Troubles?

If you have a subscription setup to deliver a report in PDF format via email, you might be seeing error messages when trying to open the attached PDF. If so, check out KB 872774 and download an updated ReportingServicesEmailDeliveryProvider.dll.

In a newsgroup post, Daniel Reib (MS) said the title of the KB article is misleading. The problem is with a Unicode byte order mark in the attachment, meaning the problem is not restricted to just Lotus Domino.

Rendering In Word

I’ve heard a few people lament the fact that Reporting Services cannot render a report into Microsoft Word format. Brian Welcker also addressed this topic in a post:

“Right now, it is not scheduled for SQL 2005. It is a lot of work and we don't want to introduce a new rendering extension without the ability to get it right. Fortunately, we can add new extensions without changing the server.”

Forms Authentication

If you want to use forms or custom authentication with reporting services, then you'll need the enterprise version to develop a custom security extension. The price difference between standard and enterprise gets people a bit upset when they realize this limitation. Brian addressed this subject in the newsgroups too:

While most security extensions are used in SSO / enterprise or Internet scenarios, we understand that some people will want to use forms authentication without a full security extension. It is under consideration but not sure it will get addressed.

Top Features for SQL 2005

The CLR gets all the press in articles about SQL Server 2005, but I think the most popular features won’t involve CREATE ASSEMBLY. The most popular features will be those that prevent ‘uncomfortable conversations’. You know, those conversations you don't want to hear....

Feature: DDL Triggers
Prevents: Well I thought I was in the test database when I dropped the Orders table, but, um, well, um. We have a backup right?

Feature: Snapshot Isolation
Prevents: Hi, I’m Sandy with the Oracle Corporation. Your application will suck wind with with their database. Pick us. We can do things they can’t do, blah blah blah multi-version consistency blah blah blah. I’m not leaving till you pick us.

Feature: TRY/CATCH in T-SQL
Prevents: “This stored procedure has more litter in it than the Hudson river.“

Before		After
BEGIN TRANSACTION UPDATE Categories SET CategoryName . . . SET @Error=@@ERROR IF @Error <> 0 BEGIN RAISERROR('blah blah blah',16,10) IF @@TRANCOUNT <> 0 ROLLBACK RETURN(@Error) END INSERT INTO Categories . . . SET @Error=@@ERROR IF @Error <> 0 BEGIN RAISERROR('blah blah blah',16,10) IF @@TRANCOUNT <> 0 ROLLBACK RETURN(@Error) END COMMIT TRANSACTION		BEGIN TRY BEGIN TRANSACTION UPDATE Categories SET CategoryName . . . INSERT INTO Categories . . . COMMIT TRANSACTION END TRY BEGIN CATCH IF @@TRANCOUNT <> 0 ROLLBACK SELECT @Error = ERROR_NUMBER() RETURN (@Error) END CATCH

Yes, nice indeed.

Omea Reader

Earlier this month Christopher Steen gave a CMAP presentation on ReSharper by JetBrains. Chris had a lot of ‘oohs’ and ‘aahs’ going. I was prepared to steal Chris’s laptop and lock myself in a room- just to spend a few minutes alone with the tool before surrendering to police, but I exercised patience instead.

While checking out the JetBrains site I noticed Omea Reader (currently free) and Omea Pro. I’ve been looking for a better newsgroup reader. For the last 10 years I’ve used Agent, but it still doesn’t support multiple newsgroup servers in a single instance.

Omea Reader currently supports multiple newsgroup servers, has a sharp interface and RSS feeds. The app offers various ways to categorize, annotate, and flag posts. The major downside to me is the need to use the Ctrl key for short cut operations, like to mark a post as read, or move to the next unread post. There also doesn’t appear to be a kill file, or a way to mark a thread to ignore. Without these features, the app feels too cumbersome for high volume groups (300+ posts a day). Agent has these features, and the commands need only a single finger.

Omea Reader isn’t quite out of the running yet though, because there is a plug-in architecture….

To You, Sony

Dear Sony,

By the time you read this, I’ll be gone. I’m sorry for doing this, but I feel our relationship has run the course. I realize this might come as a bit of a surprise to you, but I need some freedom. I’m going to gather together all the pieces around the house with your name on them and put them into a pile. This includes:

1. The 36 inch television with a flickering display.
2. The two dead ‘MP3’ players.
3. The phone that requires a hard reset every two days.
4. The Playstation that requires a manual calibration every week (not an uncommon problem).  

I could keep going, but I’m sure this is hurting me more than it is hurting you.

P.S. The software you bundle with your MP3 players is an atrocity.

January MSDN Magazine Is Online

I’m quite excited to see my article published in this issue alongside so many people I’ve read and followed for years. Just one example is Paul DiLascia, who has been writing a C++ Q&A column each month. I still have a well worn copy of his Windows++ book that I bought 10 years ago. I even remember where I bought the book, mostly because I thought the store name was so cool  (README.DOC).

I think I might frame this issue so my kids can look at it someday and marvel at the primitive tools we work with.

Threat Modeling For the Holidays

Many of you will have friends and family over between now and the beginning of the new year. They’ll eat your food, drink your eggnog, and fall asleep on your sofas at the most inconvenient moments. More importantly, however, they will be around your electronic equipment and your home network. Don’t let love, friendship, or a blood relationship lull you into a false sense of security. The time to start planning your defense starts now.

Whenever I need some information about security, I turn to Anil John’s SecureCoder.com site. Anil is a fellow CMAP member whose obsession with security shows through at every meeting. Anil regularly makes comments like:

   Why are you running as administrator?
   Hey – that password is in plaintext!
   You did what with the request validation setting?!?!?

Anil’s blog has some great posts on security and also about threat modeling. Threat modeling is an important step in planning an in-depth defense against holiday guests. You need to identify assets, identify threats, and build attack trees. Only after analysis is complete will you understand the true perils of having people inside your home.

Before starting your project, I suggest putting together a guest list and jotting down some notes about each individual. An example guest list is shown in figure 1.

Charlie (Uncle)	Only wants to check stock quotes on the computer, but always mistypes a URL and ends up clicking “Yes”, “OK”, and “Accept”.
Fred (Nephew)	Two years ago, Fred asked for a laptop to finish his school geography assignment. Removing all the chat software afterwards required the magnet from a 15-inch subwoofer.
Jasmin (Neice)	Last year, she was found in the home office brute forcing SAM passwords from an NT Emergency Repair Disk with software on a jump drive.
Wendy (Aunt)	Regularly forces an evacuation of the premises when microwaving popcorn.
Figure 1: The guest list. Never underestimate your adversaries.

Another technique Anil talks about is using multiple layers of defense. It is important to have a fall back in case a guest circumvents the outer protective shell. For instance, not giving your guests administrator privileges will prevent many problems, but what if they stumble across the piece of paper from the locked firebox behind the hollow brick in the basement where you scribbled the administrator passphrase in lemon juice? You are screwed!

One plan would be to ask such a guest to leave the house immediately, but I realize this plan is fraught with emotional complexities. Another plan, one I like to call “Operation Blackout”, requires you to find the master circuit breaker for your property. By revoking power from targeted areas of the house, you can be sure no packets flow over the network - even while the turkey continues to cook in the kitchen!

Remember to plan ahead, and best wishes for an electronically safe and happy holiday season.

Hiding Report Parameters

Dear Vivian:

You didn’t leave me a return address, so I hope you see this response. I said I had an answer for you, but it’s taken many days to respond, and I apologize. It has been a difficult week in the salt mines. Deployments. Conference calls. Customers destroying network settings. Sales staff destroying demo software. It's crazy around here.

Anyway, the question was: how to hide a parameter in Reporting Services?

Go to the Report menu, select Report Parameters, and highlight the parameter you need to hide. The key is to clear the Prompt text box, and make sure to supply a default value. Reporting Services will no longer prompt the user to enter a value for the parameter. The parameter value can still be dynamic if there is a VB expression or a query to specify the default value.

To override the parameter at run time with a different value (perhaps by passing the new value in the query string when using URL access), then you may get the error “parameter is readonly and may not be modified”. Make sure to install SP1 for Reporting Services to fix this.

To determine the version of Reporting Services, go to the base URL for the report server (typically http://machinename/reportserver/. At the bottom of the browser page will be the version number:

   Microsoft SQL Server Reporting Services Version 8.00.743.00  <- this is old

   Microsoft SQL Server Reporting Services Version 8.00.878.00  <- this is SP1

AppDomains and ASP.NET

Thanks to Jason Haley for the kind words about OdeToCode.

 Today I responded to some questions I’ve gotten over the last week with a little something entitled “What ASP.NET Programmers Should Know About Application Domains”. I hope you like it.

 

Thinking Ahead

Local carpenters have rebuilt the Ise Jingu shrine in Japan every 20 years since 690. The 62nd rebuilding will start in 2013, and will take about 8 years.

Twenty years seems like a terribly short time for a shrine to be around. A common mortgage term in the U.S. is 30 years. We’d be upset if we had to rebuild our homes every 20 years.

On the other hand, twenty years is a terribly long time in software. Even 5 years can be a stretch. Off hand I can only think of 1 major piece of Microsoft software that has remained the “latest and greatest” for a 5 year stretch: SQL Server 2000 (and this is just a guess, but I don’t think it was in the master plan to ride that horse for 5 years).

Today I was thinking: what I would do if someone asked me to write software that would last for 20 years? Andy has me thinking about this, thanks to his recent comment.

If I go backwards 20 years I’d be bumping up against the fringe of my computing experience. If someone asked me then to write software to last for 20 years I’d have no choice but to write in Basic on a Texas Instruments 99 4/A. If customers were still using the software they’d have to buy spare parts from eBay, or (more likely), run the software on a PC under emulation.

How could I develop software today to last 20 years and have some isolation from the aggressive innovations in platforms and runtimes and preferably never even re-compile the code?

C++ offers me a ubiquitous, standardized language, but it’s hard to write portable code, harder still to write portable GUI code, and tediously hard to write portable GUI code without a dangling pointer lurking. Recompiles for a different architecture are required. If I were to just target Windows XP - can it still run in 20 years? Maybe. Ben Armstrong has Windows 2.03 running on a Virtual PC today.

Java takes care of dangling pointers and runs on many platforms, but is not a standardized language. If IBM ever talks Sun into turning Java open source, it would certainly look more attractive. There is a healthy amount of community and open source activity around Java today, which is always encouraging, but in 20 years Sun's lawyers might complete the mission of suing every supporter.  

Then there is .NET. At least one language, C#, is standardized. There are open source implementations of the runtime from outside of Microsoft, but writing a GUI with portable code is still problematic, and the rate of change is still high. There are also the rumors that a future OS version will only support one version of the runtime. Would my program still work there?

Some ASP.NET applications are now working on both mono and the MS runtime from the same code base, but don’t get me started on web applications. If, in 20 years, people are still writing applications by throwing HTML, DHTML, JavaScript, cookies, and cascading style sheets into a blender and hitting the ‘stir gently’ button, then the entire industry should retire and become dentists. We couldn’t do any worse then the one working on Chris Sell’s son. Actually, the thought of being a dentist terrifies me. Instead, I think I’ll be a taxi driver - at least I can talk to new and interesting people without them having cotten in thier mouth.

In the end, I’d have to think both .NET and Java would undergo major breaking changes in at least 10 to 15 years. I have a feeling C++ will still be chugging along, but my crystal ball manufacturer does not have a good track record.

To really look ahead, visit the page of the Long Now Foundation and think about the challenges of building a clock to last 10,000 years. How do you power the clock? How do you provide instructions for someone to maintain the clock? What do you do to lessen the risk of damage from earthquakes and roving, juiced up teenagers?

Speaking Of Blogger Power

If you’ve never heard of a company named MEDITECH, it doesn’t surprise me. You might be surprised, however, to know they are one of the largest enterprise-scale software vendors in the healthcare industry. They are a private company and go quietly about their business.

With such a quiet reputation, it was surprising to see their President and COO accept an invitation for an interview. Not just any interview, but an interview with a blogger – and an anonymous blogger no less. You can read the interview over on HISTalk, which always has juicy tidbits about the healthcare IT space from someone in the know.

I had the opportunity to sit and talk software architecture with Mr. Messing earlier this year. I can tell you he is not a fan of the .NET platform. Seeing as how they build everything from scratch (and I mean scratch), this is not surprising. The approach affords them a great deal of independence, but you have to wonder how long one company can keep up.

I'm Grumpy?

A couple days ago, my editor at Packt sent me an email and described my blogging as “grumpy”.

Wow! I never thought of myself as a grumpy type. I took an informal poll among co-workers and 3 out of 3 people said I did not fall into the grumpy category.

The next day at work, the CEO came in and announced the need for a “get on the same page” type of meeting. The meeting time was 12 noon, and he ordered food to be delivered. The food, he explained (while looking directly at me), was because “some of you get grumpy when you’re hungry”.

Wow! Two accusations of grumpiness in as many days. Sure, my demeanor might change a bit when I am hungry – but it’s just the survival instincts I inherited from my Paleolithic ancestors who killed bison with their bare hands and ate the raw meat.

In the future I plan to start making some very subtle changes in my blog posts. Sometimes just tweaking the environment slightly can dramatically change perceptions. Hopefully you’ll come away with a smile on your face, and not feel you’ve been listening to the rantings of a grump on a soapbox.