Attack Trends – Steve Riley

• Works for Amazon
• Start using automation to protect yourself
  • People makes mistakes
    • Configuration vulnerabilities
    • Example, build one box and copy it to the rest of servers.
• Complexity, that’s where they hide in.
• Attack progressions
  • Confidentiality, availability, integrity
• Patch asap if you wait to long, more provision has to be done
• Botnets
  • Used for spam
  • Schools get hacked all the time.
• It cost less to deal with exposure than fix the system.
• LOL TCP/IP over Avian Carriers
  • http://en.wikipedia.org/wiki/IP_over_Avian_Carriers
• Attackers follow a pattern
• Encrypt everything, encrypt it all.
• Think remote acces, not remote store.
• My thoughts:  We should start thinking about security.

p&p – Looking Ahead – John DeVadoss, David Hill, & Ajoy Krishnamoorthy

• Customer feedback
  • 25 to 40% productivity increase using PnP
• 27 people
• Strong emphasis on the fact that they are transparent and posts code on codeplex all the time.
• PnP Secrete Sauce
  • Agile’s customer’s feedback
    • They get feedback from customers every 2 weeks (1 sprint)
    • All code released to codeplex every sprint.
• Prism 3.0
  • Start after new year
  • Target WPF 4.0/SL 4.0
    • Work with blend in UI design
    • More Viewmodel
• Web App guidance
  • In progress, complete q1 2010
  • ASP.NET, MVC, AJAX, jQuery, Dynamic, Data
  • Heavy on the client side
• SharePoint guidance
  • Starts next year
• Identity/Claims-based Guidance
  • Completes this year
  • WIF, ADFS2
• Cloud App Security Guide
  • Starts next year
• CloudLib
  • Starts next year
  • EntLib for cloud
• EntLib 5.0
  • Completes soon
  • Multi-core/many-core programming patterns
• My thoughts: We need to use more of the guidance from PnP.  Also, I like the direction where they are going.

Manage your screens with the Screen Conductor Pattern – Ward Bell

• Demo: Story Teller by Jeremy
  • Acceptance Test kind of app
• Screen Family
  • Screen
  • Screen Collection
  • Screen Factory
  • Screen Conductor
  • Screen Subject
• Process
  • Conductor seems to sound like a controller
  • But conductor tells the subject to create a screen when subject requests a screen but the correct screen is not created yet.
  • Subject is a screen subject
    • I guess it is a control???
  • Unlike prism
    • It is aware of the screen situation
    • Has a central place to ask what is going on
  • Conductor is no a dictator
  • Conductor know a list of screens so if subject is activated, like clicked, conductor shows the subject it’s list of screens to find the right now
  • If the screen is not found, conductor gives the screen factory to the screen subject
  • Screen Subject uses the given factory to create the screen
  • Factory creates the screen
  • Screen Collection is managed by Conductor
• My thoughts: 75 screens in 30 minutes.  He went too fast so it was not easy to understand.

Building extensible systems in .NET 4 – Glenn Block

• Talk is about MEF actually
• MEF = Managed Extensibility Framework
• New library for .NET 4.0 that lets you build applications and components which can be extended without modification
• But it is pay to play

My thoughts:  Demo failed at first.  Need to work on this hands on first.  The key is that I can let my apps to be easily extensible by implementing from the get go.  But the question is do I need to for our apps?

Closing Keynote: Unplugged – Scott Guthrie Unplugged

• scottgu@microsoft.com
• http://Twitter.com/scottgu
• New applications/trends in the industry
  • Exciting times in consumer space – devices and web
  • 2011 – more phones than pc’s
  • MS – 3 screens and a cloud
    • TV, device, and PC
  • Consumerization of IT
    • Devices moving into enterprise space
  • Automated testing
  • Buy and customize trend
• Complexity – catching up with all the new SDK, API, & platforms
  • Hahaha he doesn’t have an answer
  • He just says MS needs to be aware.
• VS 10 Editor – talk about new stuff in vs10
  • Dual monitor support
  • Drag any window out, including editor
  • Better intellisense
  • Lots of small things in the editors
• Testing – talk about new stuff in vs10
  • Record and capture
  • Historical debugging – black box
• Future support of ASP.NET MVC
  • Beta of 2.0 coming soon
  • ASP.NET MVC 2.0 will be built in to VS10
  • ASP.NET Webforms is not going away
• LINQ to SQL futures / EF
  • Built into .NET 4
  • LINQ to SQL and LINQ to Entity Framework, both are staying
• Code contracts and functionality (Pro vs. VSTS)
  • New feature with .NET 4
  • Decorate your methods with conditions that need to be true
• ASP & Silverlight will be more tightly integrated
• Silverlight to Mobile
  • Working hard on it but cannot be ready to talk
  • Nokia Sembian phone will work
  • Will be on a lot of devices – linux and more
• Silverlight 4
  • Will focus on business
• My Thoughts:  I like where things are going, it seems that MS development team are focused on functionality and not on revolution of new things.

Day – 4 Lightning Sessions

• REST and SOAP – Don Smith
  • They have the same spec…
  • REST
    • Http for transport
      • Push it to limits but did not push xml to limits
    • Multiple formats
      • Xml, JSON, atom/rss
    • No explicit contract
      • http is the contract
    • point to point comm.
    • Only need http client
    • No focus on extensibility
    • Caching is built-in
    • SSL security
  • SOAP
    • Can use any transport
    • Use xml formatting
    • Uses wsdl contracts
      • Overloads the POST verb
    • Usually need a toolset
    • Can use intermediaries
    • Extensibility through WS-specification
    • No clear cashing mechanism
    • SSL security
  • Both already successful but it might be better together
  • He would like to see both running
• Using the IIE SEO Toolkit – Drew Miller
  • SEO = Search Engine Optimization
    • http://www.iis.net/extensions/SEOToolkit
    • Improves Web site’s relevance in search results by recommending how to make the site content more search engine-friendly.
    • Not useful to us
• Social Computing: leveraging social graph for your app – Shandy Khaund
  • Good Book: “Here Comes Everybody”
  • Face book is cool but it is cooler to embed social networking into your app.
    • http://virtuonline.com/
    • iPhone App
• My Thoughts: The frist session was simple, clear, and good.  The other two are meh.

How Languages Influence Design – Harry Pierson

• Object and Functional language
• Use the right tool (language) for the right job
• Linguistic Determinism in software
  • Dogged OO a little
  • All language is for reaching the goal but gets there different
• A difference In composition
  • Object composition of things vs. functional composition of actions
• Basically mix F# with C# blah blah blah
• My thoughts:
  • I feel like I am at a zen class where I am looking at a rock, then it turned into sand, then back to rock.  What is this?  Circle of Life?  “This is a poker game!  These are objects and these are actions!”  ARE YOU KIDDING ME?  IS THIS CS 101???
  • I wish they present a good F# session instead.

What’s Coming in Enterprise Library 5.0 – Grigori Melnik & Bob Brumfield

• Already used by exchange server and biztalk server
• 24 developers
• No new blocks
  • Removing code to be healthier and leaner
  • Good design patterns
• Two Buckets
  • One is the functional blocks
  • And the other is the wiring blocks (unity and policy injection)
• Pain – Data Access Block
  • Data Access Block traditionally made it easier to call procs
  • Processing the results still means dropping back to classic ADO.Net
• LINQ Style Result Process
  • Basic Idea
    • Instead of a datareader from a query, get back an IEnumerable<T>
    • Now we can do LINQ like stuff
  • Demo
    • Shows that you can map to an object without writing for loops like the way we do it currently.
• Pain – Logging Performance
  • Originally, planned to implement async loggin
  • Perf is not optimal
    • Formatter took 54% of the total
• Higher Performing Logging – Preliminary Results
  • Improved up to 20%
• Pain – Config Experience
  • Programmatic config support
  • Intellisense in xml
• Fluent Configuration Interface
  • Motivation:
    • Customer requested a better way to configure EngLib programmatically
    • Make our own test cases more readable
  • Demo: doing configuration at code level using intellisense.
• Pain – config Tool: Ux Matters
  • Make it more useful, usable, desirable
• Config Tool is now a new app that is extensible
• Paint – Honoring Validation Attributes
  • Define validation attributes
  • Some stuff didn’t work, now it does
• Big Pain – External Complexity
  • Single entry point
  • Supporting testability in your code that uses EngLib
    • Using DI style with instances
  • Container independence
    • Not tied to Unity
    • Can build your own adapters
  • Preliminary perf is equivalent to v4.1 or better
  • Importantly: existing user code still works
• Cleanup
  • Removed 200 classes
  • More to remove
  • Reducing layers
• New custom blocks
  • It will break old customer blocks
• Learnability
  • Hands-On labs: http://entlib.codeplex.com/Wiki/View.aspx?title=Hands-on%20Labs
  • New Guides
    • http://entlib.codeplex.com/
• Questions I’ve asked:
  • Release date: march next year.
  • How stable is 5.0 right now?  Not fully tested but they are confident, very confident.
• My Thoughts:  Excellent upgrade.  It reduced complexity and improved the Library.  I want it, I want it, I want it!

Modern Data Access – Patterns – Michael Puleio

• Data Access Guideline
• Data Access Patterns
  • Repository
  • Unit of work
  • Specification/selector/query
  • Separated presentation
• Domain Model
  • An object model that represents the domain
  • Contains the combination of data and business logic
  • Mau have no knowledge of data access technology
  • Sounds like our new MVP with entLib
• Data Mapper
  • Represents an association of types and properties across the domain model and data model
  • Almost always aware of the data access tech
  • Mapping support varies
• Repository pattern
  • Collection-type interface
  • Technology varies
• Unit of work pattern
  • Maintains a list of new, changed, and deleted objects and coordinates persisting changes
  • Can be used across multiple repositories
  • Can I use it for mobile sues instead of cloud uses?
• Specification/Query pattern
  • An object that represents the criteria of query
  • Allows queries to be easier to manage
  • Avoids the need ofr a method for each query
• My Thoughts:  This is something we may have to use as we move to distributed data access across different departmental schemas.  Or maybe use it’s ideas on a mobile platform…

Designing for Windows Azure – Steve Marx

• Three services
  • Windows Azure
  • SQL Azure
  • .NET Services
• Dev
  • VSTS
  • Ruby, php, python
• SQL Azure
  • Max 10gb per db, multiple db for scale
  • relational
• Windows Azure Tables
  • Non-relational
  • Partitions for scale
• Table Tips
  • In the cloud, denormalize your data
  • Avoid cross-partition queries
    • Replicate properties in relationships
    • Duplicate data for multiple indexes
  • Offline calculation
    • Maintain aggregates asynchronously
    • Do expensive queries offline
    • Precompute when possible
• Simple Model: Worker – Queue Model
  • Automatic scheduling
  • Built-in reliability
  • Flexible scale
  • Sounds like my skynet architecture
• Loosely-Coupled Apps
  • Remember components are unreliable so one failure shouldn’t cause others to fail
  • Loose coupling with queues
• My Thoughts:  Some of the ideas are already implemented to a smaller scale at work we just don’t use Azure.