It's been a great second day of presentations at RailsConf and I'm waiting with Mike Bailey and Jim Freeze for a speech from David Heinemeier Hansson. Chad Fowler has just announced that O'Reilly are hosting the next RailsConf. So book some time off for May 17-20, 2007 in Portland, Oregon!
On Wednesday night I arrived in Chicago, IL for the first ever Ruby on Rails conference. My Southwest flight from Philly was delayed for two hours so I didn't get to my hotel till 2.30am on Thursday. After less sleep than I had planned for, I went along to the Rails Guidebook. This was a cut down version of the Pragmatic Programmers course developed by Ruby legend Dave Thomas. Dave presented along with Mike Clark and they didn't disappoint. If you ever get a chance to see these guys present make an effort to go see them, they are very entertaining. Thanks to Chad Fowler for enlightening me on the Ruby Gems system during the 'installfest'!
Day one of the real conference kicked off today with a keynote from Dave Thomas on what he feels are areas where Rails can improve. He didn't spend a long time covering it, but support for other data sources behind a model is an important addition. Having improved database key support would also be nice to have for those working with legacy systems.
The best sessions of the day were on Capistrano, a Rails deployment engine, and Asterisk. The integration of VoIP with Web applications is surprisingly simple with this open source platform. I felt the Open ID session was a miss because the information had been presented in a similar way to Dick Hardt's identity presentation, and there was little on the Rails specifics.
A very useful notion from the world of Rails are migrations. These help you update your database based on changes to your application, and are very much automated by the platform. Unfortunately these are not fully transactional since MySql and friends do not have support for transactions around DDL. I wonder when they are going to catch up with SQL Server in this regard?
When I attended TechEd Europe in July 2002 one of the most interesting sessions was presented by Steve Riley. This was an overflow session presented during lunch, and I thought it would be interesting to check out something I hadn't planned to look at. The session covered use of IPSec, and the presentation style was very engaging. Rather than discuss technology in search of a solution, Steve solicited a number of scenarios from the audience and presented the hidden power of IPSec.
Many years pass, and I spot a blog entry from Jesper Johansson, where he book that is co-authored with Steve. I ordered it almost immediately from Amazon.com and I wasn't let down. This book is a gem for any developer who is trying to understand infrastructure security and the capabilities of the Windows platform. It's a fairly easy read and only delves into the necessary detail, avoiding coverage of mundane technical details that are presented on TechNet. To get the most out of this book you'll want your own test rig set up on virtualised hardware (think VMWare or Virtual Server) with a domain controller, certificate services, ISA Server and the like.
It's really hard to fault this book, maybe it should be available in hardback?
Microsoft have been collecting crash data using a system known as Windows Error Reporting ("Dr Watson") since the release of Windows XP (and possibly earlier). When a usermode error occurs in an application, a minidump and other pertinent is extracted. The user is then prompted as to whether they wish to report this information. After the reboot that follows a kernal mode error (bugcheck) you are prompted to send this information to a secure Microsoft server.
If the information is reported, a back end process does some analysis to see if it matches other error messages and might offer you some feedback. I've certainly benefited from this in the past, as a buggy D-Link driver caused numerous bugchecks (blue screens) and WER pointed me to a source of newer drivers.
I've observed the use of this feature by many people and there seems to be a fairly even split between those that send the crash data and those who cancel out. It appears that many people don't provide feedback because they fear Microsoft getting getting access to private information. This fear is justifiable, but I think that Microsoft could encourage more people to submit bug reports if they improved their UI design and branding.
The current implementation on Windows XP and 2003 has these faults:
Thankfully there are some improvements on the way. Windows Vista will include support for centralised crash reporting management, and improved UI. I will post a review of this in Beta 2 soon. Users of Office 2007 will notice that the bug and usage data collector is more advanced, and allows you to submit later. This is enabled when you sign up for the application improvement programme when prompted in the task notification area.
- The UI is simplistic. Although it offers some information on why you might submit, it fails to reinforce the benefits.
- Technical information cannot be easily copied to the clipboard. It would also be good to be able to save this to a file.
- There is little help provided to help decipher the technical information provided.
- Lack of Windows UI integration. If you are using a shared computer, an administrator cannot see all of the issues which have been submitted to spot problem applications. The settings for crash reporting are hidden away from most users in the system applet.
- If you are offline you cannot submit a report.
It's common to see .NET developers and SQL Server DBAs arguing over the merits of stored procedures versus inline (ad hoc) SQL. It's unfortunate that these folks are so polarised since there is a solution that meets somewhere in the middle. It's called parameterised SQL and it's similar to inline SQL, except that it's based on templates. You effectively have the SQL that exists in a stored procedure, and you specify input/output parameters in the same way as you do for stored procedures. This SQL is then placed in the data access layer of your application.
From what I understand, Microsoft are using this for DLinq and have dropped their recommendation on the use of stored procedure. I'm all in favour of this method since it makes upgrading applications so much simpler, and reduces your dependency on the DBA whilst maintaining a level of protection from SQL injection attacks. There is the point about setting security on individual stored procedures - but how many people really do that? Even when they do they often leave themselves open to other attack vectors.
Rod Paddock recently posted on his experiences with WPF. Something that jumped out at me was his criticism of Microsoft for omitting a Datagrid control, although a basic grid control is included. The lack of a traditional Datagrid doesn't bother me too much, but I can see how it might impact a lot of developers. WPF is at least six months from release so it's likely a third-party will fill this gap, if Microsoft aren't pressured into writing one.
In case you don't know, the data grid is a UI control for Web and Windows development included with every release of .NET so far. It's a staple for UI control vendors and has been replicated in many other development environments. At a base level it displays data in a tabular format. However most incorporate in-place editing and control hosting features.
Perhaps the lack of this control in WPF is a blessing in disguise since developers might stop to think for once. From my experience the data grid control is:
Misuse is the biggest concern for me. Time after time I see projects where a developer has slapped on a grid as the UI, without concern for the end user. I refer you to the hideous multi-coloured grids with full editing enabled that litter business applications today. Vista is supposed to make us re-think the user interface to some degree - should we carry forward some of the rubbish that is produced today in the name of software UI design?
- Often misused by developers
- Too heavyweight on the client
- Complex for the developer to implement and maintain
As an aside, I'm a big fan of FogBugz and it includes a grid UI for listing cases. However, it also includes a list view, which must be popular with some end users for FogCreek to include this functionality.
Onto point two which is only valid when you really care about your users (most line of business developers need not apply!). Grids are heavy on the client if thought is not put into their operation in production. I'm all for avoiding premature optimisation, but avoiding optimisation altogether is something else entirely. Costs for grids on Windows include the memory for the control and data. On the Web you often produce a lot of HTML tables and other junk which has to be delivered to the browser. If ASP.NET is used there is also likely to be superfluous viewstate information. As you cram more features in you are penalised for each one unless you can selectively control their use.
My final point, number three, relates to the complexity that you heap upon yourself as you strive to make your application more complex for end users. Why try to combine editing, deletion and creation of records into one screen? It's often a false economy on behalf of the developer that all of this can be rolled into a single application form. If I had a penny for the number of a reasonable developer struggles with getting access to the value cell in an ASP.NET Datagrid, I would be very rich.
Getting back to WPF and Vista, I think that developers like Rod need to start looking at how they visualise information. Until now, .NET programming has been about ramping up productivity on the parts of an application a user shouldn't experience directly. With WPF it's about how the user interacts with the application, and this requires the attention to user experience that Web applications have had for years. If the current generation of developers don't wise up and appreciate the implications of this technology they will deservedly end up on the scrap heap.