Galin Iliev [Galcho] Blog! favicon.ico 2008-07-08T16:58:24.761168+03:00 Galin Iliev Walking on water and developing software from a specification are easy if both are frozen. http://www.galcho.com/Blog/ DasBlog How To - Run a (huge) software company http://www.galcho.com/Blog/PermaLink.aspx?guid=6aba7af2-4900-4cd7-a072-8fa08072fd53 2008-07-08T16:58:24.761168+03:00 2008-07-08T16:58:24.761168+03:00

Software business is quite different than other businesses. Mainly this is because in software there are very few routines that can be set as standardized actions, write action plans for them or so on. Let's take retail business - although it has it's own specifics in major part the manager can define in what threshold of goods availability make order to suppliers, or when to put some goods on sale and so on..

In software is different. While in others micromanagement (although bad in general) can be applied in software is impossible.

This is why we have so many methodologies: Waterfall model, Spiral model, Extreme programming and so on...

But where is the secret to success? There is no single answer to this question. But Joel Spolsky shared his experience working with BillG - more especially having him making a design review...

Bill Gates was amazingly technical, and he knew more about the details of his company's software than most of the people who worked on those details day in and day out. He understood Variants and COM objects and IDispatch and why Automation is different than vtables -- and why this might lead to dual interfaces. He worried about date and time functions. He didn't meddle in software if he trusted the people who were working on it, but you couldn'tbullshit him for a minute because he was a programmer. A real, actual programmer.

and more

Bill doesn't really want to review your spec, he just wants to make sure you've got it under control. His standard M.O. is to ask harder and harder questions until you admit that you don't know, and then he can yell at you for being unprepared. Nobody was really sure what happens if you answer the hardest question he can come up with because it's never happened before.

Read the whole story (here too) and you will learn some interesting things as how Microsoft made such great product as Excel, how deeply the management should be involved in the details; What is F-counter and how it is related to design reviews :).


This weblog is sponsored by newtelligence AG.
VS2008 seminars in New Horizons Bulgaria http://www.galcho.com/Blog/PermaLink.aspx?guid=9ff7f56f-8dcd-4ef6-9935-fec21b68672f 2008-06-19T17:38:47.0304624+03:00 2008-06-19T17:38:47.0304624+03:00

Yesterday was last seminar from VS2008 series held in the New Horizons Bulgaria office with Microsoft Bulgaria support.

The seminars was very interesting (not only from my perspective of trainer) but also from audience perspective we see in their feedback. During high demand I am publishing presentations and demo scripts where available. It is always good to write code in live (although not very easy - try it ;) ) and this is why I cannot provide working demos - I have only my own cheat lists which I use in cse I am stuck somewhere.

Deep Dive in LINQ - Here I talked about new features in C# in details and how they are build internally(also described in my Introduction in LINQ and C# 3.0 (In Bulgarian) ). Also I covered LINQ to SQL, LINQ to XML.  In demos we took a look at C# syntax sugar, new ways to work with XML as well as some problems stated in Project Euler and solved with C# 3.0. Slides + Demo scripts (PPTX+DOCX - 1.22MB)

Develop Dynamic Web Sites with ASP.NET 3.5 - This session was focused on web development. Here I show new controls to work with LINQ to SQL data source declaratively. We took a look at ASP.NET Extensions (aka Futures): ASP.NET MVC, ASP.NET Dynamic Data, ASP.NET AJAX Integration, ADO.NET Data Services. All features was shown in code except ADO.NET Data Services. For ASP.NET AJAX was shown how to control Browser's Back Button from both server-side and client-side. Slides+Demo Scripts (PPTX+DOCX - 3.23 MB).

Overview of WCF, WF, WPF - Although these technologies are not new there is still some improvements in .NET 3.5. These components are very useful but their adoption is not very fast. We talked about the architectural decisions and challenges behind them. The demos show how to work with WCF in VS2008, How to create REST Service and how to expose JSON as result. WF demos show how to create simple sequential workflow. WPF demo presented project structure, generated code, XAML (of course) and WPF data binding basics. Slides+Demo Scripts (PPTX+DOCS - 10.8 MB).

Hope you'll find it useful.
As always any comments and feedback are very welcome.


This weblog is sponsored by newtelligence AG.
Rafal Lukawiecki for Data Mining http://www.galcho.com/Blog/PermaLink.aspx?guid=e7e4617c-5055-47c7-8141-9fb7cae7bf42 2008-06-11T23:34:01.154536+03:00 2008-06-11T23:34:01.154536+03:00

Microsoft has recently published a series of video sessions on Data Mining by Rafal Lukawiecki on their TechNet Spotlight.

 

It was very interesting day I spent on January 2008 in a one-day seminar with the best speaker I've even had a chance to watch - Rafal Lukawiecki.

I learned many things - not only in Data Mining area but also in presentation skills and so on...

 

via Anton Staykov's Blog. Thanks for sharing!


This weblog is sponsored by newtelligence AG.
Master - Jedi Master or Microsoft Certified Master http://www.galcho.com/Blog/PermaLink.aspx?guid=4a217e34-42a6-44f6-b05e-863bddd0ae2f 2008-06-11T23:22:15.2294656+03:00 2008-06-11T23:22:15.2294656+03:00
I've just read a blog post pointed to new Microsoft Certified Master program. It seems that MCA is too high and to generalized but MCPD, MCIT Pro are not enough high...

Here are the tracks so far:
  • Microsoft Certified Master: Exchange Server 2007
  • Microsoft Certified Master: SQL Server 2008
  • Microsoft Certified Master: Windows Server 2008
  • Microsoft Certified Master: Office Communications Server 2007
  • Microsoft Certified Master: Office SharePoint Server 2007
Where is the dev one?
This weblog is sponsored by newtelligence AG.
Visual Studio 2008 and .NET Framework 3.5 Service Pack 1 Beta http://www.galcho.com/Blog/PermaLink.aspx?guid=5cf935e4-e695-4a0f-8331-b5c76a8e103f 2008-05-13T16:00:48.935+03:00 2008-05-13T16:14:17.6980672+03:00

There is no doubt that VS 2008 and .NET 3.5  totally rocks! ScottGu'sdivision keeps pushing these products and constantly improving developer's productivity and shortening development cycle.

This time MS is preparing to release .NET 3.5 SP1 and VS 2008 SP1 releases.

In short here are improvements:

Improvements for Client Development
  • ASP.NET Data Scaffolding Support (ASP.NET Dynamic Data)
  • SP.NET Routing Engine (System.Web.Routing)
  • ASP.NET AJAX Back/Forward Button History Support
  • ASP.NET AJAX Script Combining Support - Omar Al Zabir wrote an extensive article about this approach.
  • Visual Studio 2008 Performance Improvements HTML Designer and HTML Source Editor
  • Visual Studio 2008 JavaScript Script Formatting and Code Preferences
  • Better Visual Studio Javascript Intellisense for Multiple Javascript/AJAX Frameworks - who can blame MS that force us to use their JS framework now?!
  • Visual Studio Refactoring Support for WCF Services in ASP.NET Projects
  • Visual Studio Support for Classic ASP Intellisense and Debugging - I am wondering when this technology will be declared dead :) (This is what I used in my first web apps too :))
Improvements for Client Development
  • Application Startup and Working Set Performance Improvements
  • New .NET Framework Client Profile Setup Package
  • New .NET Framework Setup Bootstrapper for Client Applications
  • ClickOnce Client Application Deployment Improvements
  • Windows Forms Controls
  • WPF Performance Improvements
  • WPF Data Improvements
  • WPF Extensible Shader Effects
  • WPF Interoperability with Direct3D
VS 2008 for WPF Improvements
  • Several performance improvements
  • Events tab support within the property browser
  • Ability to sort properties alphabetically in the property browser
  • Margin snaplines which makes form layout much quicker
  • Better designer support for TabControl, Expander, and Grid
  • Code initiated refactoring now updates your XAML (including both control declarations and event declarations in XAML)
  • Go to Definition and Find All References now support things declared in XAML
Data Development Improvements
  • SQL 2008 Support
  • ADO.NET Entity Framework and LINQ to Entities
  • ADO.NET Data Services
WCF Development Improvements
  • Significant scalability improvements (5-10x) in Web-hosted application scenarios
  • Support for using ADO.NET Entity Framework entities in WCF contracts
  • API usability improvements with DataContract Serializers, and with the UriTemplate and WCF web programming models
  • Enhanced TestClient support within VS 2008 SP1
  • New Hosting Wizard in VS 2008 SP1 for WCF Service Projects
  • Improved debugging support in partial trust scenarios
VB and C# Improvements !!!
Team Foundation Server Improvements

Pretty impressive...

Read full novel by Scott Guthrie here :)


This weblog is sponsored by newtelligence AG.
My Sessions at Microsoft Days 2008 in Sofia, Bulgaria http://www.galcho.com/Blog/PermaLink.aspx?guid=1c8b20dc-dfd2-4bf6-8153-f5d352db740c 2008-04-30T18:37:01.952+03:00 2008-04-30T18:38:20.7963552+03:00

MS Days 2008 in Bulgaria is in history now and I could say I had a nice two days. There were many lecturers (about 50) and 72 sessions in 6 tracks.

For those who missed my talks or are interested in slides here are summary of the sessions:

LINQ to XML - Data Access Technologies

This session was focused on the new API from XML team for .NET languages. I gave a side by side comparison between traditional DOM vs. LINQ to XML regarding those most common actions:

  • Create XML
  • Traverse XML
  • Transform XML

I covered also VB9 Literals. At the moment I started talking about VB I was thinking people would throw rocks at me (and some really considered that option:) ). But at the moment when repeated some of demos with VB9 code the audience was very impressed and they forgot about those rocks in their pockets. Even there were initial brainstorming whether same things can be implemented in C# with custom code.(Unfortunately this is a compiler feature and we cannot do it very easily).

Another thing I mentioned was LINQ to XSD.

I've decided that people will understand my points better if I write code in front of them instead of just explaining it. This is also more challenging :). I think it went well...

Here are the downloads:

IIS7 for IT Pros

IIS7 is the most interesting feature in Windows Server 2008 and I already had some talks about it. In this talk I covered (from administration perspective) following key topics:

  • What is missing in IIS 6.0
  • IIS7 module architecture and it's benefits
  • New .NET-like configuration files and metadata
  • Delegated Administration
  • Shared Configuration
  • Tracing and Diagnostics

The things I've demonstrated are:

  1. New tools - new management console as well as APPCMD command-line tool
  2. Richness of new error pages and generated trace file - it is whole HTML+JS application built with XML & XSLT with incredible amount of information.
  3. WCAT stress test with view of live requests on the server.
  4. Analyze server and site load using IIS7 Admin Pack features.

And here is the presentation: MS PowerPoint 2007 format (0.98 MB)

Any feedback is very welcome.


This weblog is sponsored by newtelligence AG.
How bad is SQL Injection http://www.galcho.com/Blog/PermaLink.aspx?guid=bec8448a-1177-4e2f-b924-40cdb77c47ea 2008-04-30T16:24:29.3577136+03:00 2008-04-30T16:24:29.3577136+03:00

I have been presenting IIS (Internet Information Services) for a while and there is one slide in my deck which says that there is No critical security patch since RTM for IIS6.

Recently there was some news about 500k web pages was exploited with SQL Injection hack(more info here and here).

Although this could put some shadow on IIS security it has to be clear that this is not an IIS exploit. This is application exploit. Any application could suffer SQL Injection (video: Length: 6:01 - Size: 6.37 MB ).

It is not like uploading harmful file on the server and execute it, isn't it?

So it has to be clear: Do not use such code: 

            public
            bool Login(string userName, string password)
{ string command = string.Format("SELECT
COUNT(*) FROM User WHERE UserName='{0}' AND Password='{1}'", userName, password); using (conn)
{ SqlCommand cmdLogin = new SqlCommand(command,
conn); conn.Open(); int res = cmdLogin.ExecuteScalar(); return res
== 1; } }

Do you know why?!

Because if you get as password the following string ' OR 1=1 '; drop table Users; you will drop the table from DB and apparently the application will stop working.

Do it this way: 

            public
            bool Login(string userName, string password)
{ string command = string.Format("SELECT
COUNT(*) FROM User WHERE UserName=@UserName AND Password=@Password",
userName, password); using (conn) { SqlCommand
cmdLogin = new SqlCommand(command, conn); cmdLogin.Parameters.AddWithValue("@UserName",
userName);cmdLogin.Parameters.AddWithValue("@Password",
password);  conn.Open(); int res = cmdLogin.ExecuteScalar(); return res
== 1; } }

It is much safer...

Hope this helps!


This weblog is sponsored by newtelligence AG.
Get list result from Stored Procedure http://www.galcho.com/Blog/PermaLink.aspx?guid=cdee5e6a-198b-4dae-838a-8645abc9bdbc 2008-04-30T14:58:32.6927936+03:00 2008-04-30T14:58:32.6927936+03:00

Stored procedures are very powerful and they have many benefits than using UDF (user defined function).

There is one cons though - resultset cannot be manipulated further from T-SQL.

There is one trick that will allow it: by using OPENROWSET: 

            SELECT * FROMOPENROWSET ('SQLOLEDB','Server=(local);TRUSTED_CONNECTION=YES;','set
fmtonly off exec master.dbo.sp_who') AS tbl

Read full blog post here


This weblog is sponsored by newtelligence AG.
How much of success is the technical side? http://www.galcho.com/Blog/PermaLink.aspx?guid=ff792478-951a-475c-b32f-cbc6d65ae68d 2008-04-29T15:02:09.542136+03:00 2008-04-29T15:02:09.542136+03:00

All of us has heard of software companies that achieved a great success - Microsoft, Apple, Yahoo.. more recently Google and Skype. As we are technical people we tend to think it is related entirely with some super-duppa algorithm, smart software or you name it... built even in a garage. In most cases this is the initial power that make them move. But after initial start there are another factors that counts.

Have you wondered how is possible to build world class product with team of 5 and within a year to have a team of 100 (or 1000) doing same thing?  This is very dangerous situation because there is a moment in a young company when nobody knows what exactly are their responsibilities. It is dangerous because clients starts to suffer low quality of service. Having many teams require a lot of communication and not knowing how to structure it a lot of precious time is wasted. Such situations requires a good leadership.

The companies that has success had a leaders to help them. And leadership has small to do with technical problems. Dale Carnegie points this very accurate:

Even in such technical lines as engineering, about 15% of one's financial success is due one's technical knowledge and about 85% is due to skill in human engineering, to personality and the ability to lead people.

Dale Carnegie

Software industry is very different to other well known industries and in same same time very similar. Leadership is very same. 

Employees are not told what to do anymore. Now, you influence their choices and assist them in reaching their goals. You do not direct; you win the team over to your point of view. You do not dictate; you inspire! You can learn how to convey this inspiration by focusing on your leadership skills development. Leadership development is needed to successfully take charge of your team in today's business world.
dalecarnegie.com


This weblog is sponsored by newtelligence AG.
.NET 3.5 Enhancements Training Kit http://www.galcho.com/Blog/PermaLink.aspx?guid=1f442c5d-7ff7-4936-8009-61b90fe02abf 2008-04-13T16:09:06.0071552+03:00 2008-04-13T16:09:06.0071552+03:00

After Visual Studio 2008 training kit was released now it turn to .NET 3.5 Enhancements :)

This kit that was kindly put together by Developer and Platform Evangelism Group in Microsoft contains:

  • ASP.NET MVC
  • ASP.NET Dynamic Data
  • ASP.NET AJAX History
  • ASP.NET Silverlight controls
  • ADO.NET Data Services
  • ADO.NET Entity Framework

Download it from Microsoft Downloads (34.9 MB)

(via Guy Burstein)

Note: For this release of Visual Studio there are so many materials and training kits as never before! All one have to do it download and read, play and practice. And this is because of the strong community and internal support by Microsoft teams.


This weblog is sponsored by newtelligence AG.
Release package is settled: Entity Framework & ADO.NET Data Services in VS 2008 SP1 and .NET 3.5 SP1 http://www.galcho.com/Blog/PermaLink.aspx?guid=6ea0ef5d-af45-4ffc-b802-c75b4c06320a 2008-04-11T13:47:02.366+03:00 2008-04-11T13:47:48.8935056+03:00

It's settled! The Entity Framework (and the Entity Designer) along with ADO.NET Data Services will RTM as part of the Visual Studio 2008 and .NET 3.5 SP1 releases!

Unfortunately, we don't have official release dates at this point, but stay tuned. You'll also want to keep an eye out for the upcoming SP1 Beta 1, which will be your next chance to check out updated bits for both of these products.

Elisa Flasko
Program Manager, Data Programmability

(via this ADO.NET team blog post)


This weblog is sponsored by newtelligence AG.
Access Remote SQL Server with SQL Management Studio and Windows Authentication http://www.galcho.com/Blog/PermaLink.aspx?guid=20d0d23f-9f7d-46e8-a82c-971c1118996e 2008-04-09T13:37:27.249+03:00 2008-04-09T13:38:16.810688+03:00

I've been working with SQL Management Studio since it's release (and even before) and I think it is a very good tool. Especially as in next version there will be IntelliSense.

In my daily work I need to access several remote SQL Servers (over VPN) and some of them require windows authentication. With SQL Server Authentication is easy - just create VPN connection and use SQL Server Management Studio from local machine entering SQL credentials in the wide-known box below:

image

This is not the case with windows authentication. Especially in domain environment it is better to give access to domain groups and users instead of creating SQL ones.

As a workaround (the one I've used 'till today) you can do remote desktop connection to the server and do the job via RDC console. I have struggled with this approach for a long time and although it is not that bad there are some issues working all the time via RDC.

I've tried runas command but somehow my credentials weren't accepted.... but the switch /NetOnly did the job

so I use now 

C:\>runas /netonly /user:domainName\userName "C:\Program
Files\Microsoft SQL Server\90\Tools\Binn\VSShell\Common7\IDE\ssmsee.exe"

and it works...

Hope this helps


This weblog is sponsored by newtelligence AG.
IntelliSense in MS SQL Server Management Studio! Finally!!! http://www.galcho.com/Blog/PermaLink.aspx?guid=5e00a759-7ade-4c40-b805-7b8219619223 2008-04-08T18:02:24.202+03:00 2008-04-08T18:05:05.9150864+03:00

In the new MS SQL Server 2008 (a.k.a. Katmai) Management studio will have IntelliSense. It is not very stable and performance is not great in CTP6 but there is still time to release to make it as good as in Visual Studio.

Thank you guys!

scr1 scr2


This weblog is sponsored by newtelligence AG.