Halley Suitt is posting pictures that look like she has gotten at least 4" of snow ther ein Boston. Here in Vermont it is COOOOOOL, but now snow! Apparently it snowed a bit on Thrusday but it was sunny so there was nothing left to show for it by the time I got home from Las Vegas.

Posted from BLInk!

Two of the new classes inside of System.NET.Cache are the HTTPRequestCachePolicy and RequestCachePolicy. It gives us some control on client side caching on a request by request basis. Since I think "web apps" when I think about caching, it took me some time to grok (with some help from a few folks at MS) what it's real purpose is.

Of course, it doesn't make sense that a webserver based app would have ultimate control over client side caching (wouldn't that be cool though - magic, but cool!) As far as I know, only the client machine has knowledge of what is in its' cache.

These classes are available for client and middle tier applications that are making HTTPWebRequests or FTPWebRequests and allow you to control how a webrequest is handled based on either the age of what is available in the cache or just by the location.

Since I do most of my interaction with a webserver via web services* or aspx pages, this doesn't solve any problems that I am currently having, but it has given me some ideas of how I might leverage it in my applications.

Here are some ideas.

Say you have a web application that creates a pdf report and returns it to the calling client - maybe that is a windows app or even a web app that is the client. The data for this report does not change very much during the course of the day and it is a huge report. So you don't realy want users taxing the webserver by requesting it more than once per day. You can tell the calling application to first check the local cache and if that download is in there and it is less than one day old, then it will not bother making the request.

Another example is for windows apps that actually use the web browser control. I have never had occasion to do this myself. But you can control how calls are made to the webserver to populate that control with instructions similar to the above sample - based on age or freshness - or you can instruct it to always go from the local cache under certain situations or always from the server. Or you can tell it that if there is nothing in the cache than get it from the server, but otherwise always get it from the cache. My simple demo on this only showed interaction with this funcationality. I had a web page that displayed the current time and you could see, for example, the time not changing for 5 seconds even though I was doing rapid-fire refreshes on the page.

This is not earth shattering functionality for the work that I do, but I can imagine that people writing applications for large corporations would benefit greatly from every tool that reduces the toll on the webserver. You can read more in this online documentation for .NET 2.0: Cache Management for Network Applications.

*re: web services - I REALLY wanted this to work with web services, but it just doesn't. Although you can pass it the uri of an asmx file, there is no way to call the web method. I tried setting up the definition of the policy against the entire web service and then making a call to the webmethod, but it just didn't work.

Posted from BLInk!

I just discovered a great local treat and am going to help my new pal (and proprietress) Ann Zuccardy by blogging about it (since it can be ordered for holiday gifts!) It's the Vermont Shortbread Company. Their site is getting updated, but you can email Ann directly for pricing and shipping info!

Ann leads a double life as a technical writer, currently on contract at IBM, but she is a consultant -  which is how we got to chatting initially.

Posted from BLInk!

Dave Bost got to do what I didn't - attend sessions by some of the most awesome speakers on "the circuit" and then mine, too! I was busy working on my sessions so did not get to any. Here are his posts from Monday (Microsoft day), Tuesday and Wednesday with great details about the talks he attended. He also posted about the SQL Server and ASP.NET Keynotes by Tom Rizzo and Scott Guthrie. Dave is a user group leader who I knew from email, so it was fun to meet him.

They are making a DVD that can be purchased with all of the session from ASP.NET Connections and Visual Studio Connections, but not the SQL show. I believe it can be ordered through the registration page.

Posted from BLInk!

I had an awful moment in my WSE talk at ASPConnections thanks to great difficulty sleeping the previous night, so I want to be sure to write out my explanation of how a digital signature works here.

I have what I know is a terrific visual diagram to help explain digital signatures. What confused me when the slide popped up is seeing a private key next to the word encryption, which is correct for digital signatures but not for normal encryption. I had just walked the encryption diagrams and then hit the digital signing slide, saw that private key and my first thought was "but we don't encrypt with a private key, we do it with a public key." I really froze. In reality, my slide was right as I absolutely knew what I was talking about. Unfortunately i did not just allow myself to get past that moment of doubt. (which is a whole different topic about the balance of my knowledge, my presentation skills (both pretty good) and my confidence in them.)

So here's the deal with why we are encrypting with the private key in this case. You can encrypt with any key you want, but you choose between them depending on your goals.

Encryption to achieve confidentiality: In this more common encryption scenario where we are trying to hide a message from prying eyes, we encrypt with the public key so that only the owner of the private key is able to decrypt. Anyone can see the message, but they won't have the ability to decrypt it and view its' actual contents.

Encryption as part of a digital signature: When digitally signing a message, we are creating a copy of the message body, hashing it (remember hashing can't be undone) and then encrypting the hash. In the end, the validation is to ensure that the hash of the received message body matches this hash that we have sent along with the message body. If someone has mucked with the body or the hash (or both) there is no way that there will be a match on the other end. The encryption of the hash is done with a private key and then undone with the public key from the pair.

So this begs the question, why bother encrypting it if anybody can decrypt it? By encrypting with the private key, the recipient is absolutely assured that it was the sender (the only person with the private key) who created the digest. Think of this scenario: some devilish person could grab the message on its' way, modify the message body and then create a new digest of that body. That would mean the digest would match the body when it's received. But, that devilish person doesn't have the correct private key to create the digest with. The recipient's public key would recognize that immediately and the message would be invalidated.

So the process of signing doesn't prevent anyone from mucking with the data (nor from even looking at the data - as this is the job of encrypting the message body), but just acts as a big red flag if the received message has been "violated" along the way.

Along those same lines, it's good to note that encrypting a message body may prevent the wrong person from reading the actual data, but it is no guarantee that someone hasn't taken the string of cipher text and altered it in anyway.

Posted from BLInk!

Someone who attended two of my talks commented that my slides were different than the printed slides in the distributed book. I can understand that this may cause some confusion if you are trying to follow the slides through the book and take notes. Changing slides is a hard choice but sometimes necessary.

In my case I had a presentation on the whidbey base class libraries and another on Web Services Security with WSE2, a very new technology that we are still getting a deeper and deeper understanding of.

Whidbey is a moving target. I initially put together this presentation a year ago using the PDC bits. I modified it for a June conference to reflect  changes in the May CTP bits. I revised it once again with the Beta1 bits for the ASPConnections show. The powerpoint slides were submitted in early September  so that the books could be printed. Since then the October CTP bits were released and I updated the talk once again to incorporate a few goodies as well as add in a few new discoveries and to revise some information that had become clarified. I believe I mentioned this at the start of the talk and I think it's beneficial  to have the presentation be as current as possible.

For the second presentation, again, I considered the effect of changing the deck and, again, decided it was beneficial after doing a "trial run" of the presentation in Montreal in October. The deck represented about a 2 hour talk (at minimum) and I had to make some tough choices about what details needed to go. (I'm very happy to learn that I will now get 3 hours to do this next time!) What I ended up doing was hiding some of the slides. Additionally in the months between the printing and now, I implemented WSE2 in a pre-existing production app and have spent a lot of time in the WSE newsgroup. I have learned a lot about some of the problems and confusion a programmer will come up against using this tool and I chose to add some of these valuable lessons to the presentation.

Although I did talk to some other speakers about this I wonder how people handle this when presenting - especially with new material.

I will be posting these new versions of the power point slides to my own website and I believe that the DevConnections site also has a place where I can share them. When I do so, I will make note of that here in my weblog.

Posted from BLInk!

In addition to some of the Microsoft Tablet team being at the DevConnections because they were doing a full day pre-con and also decided at the last minute (or I only found out at the last minute) to do talks during the regular sessions as well, there was a definite, though concentrated,   tablet buzz at the show. The most interesting thing they did was set up a hands on lab in the exhibition hall with 30 tablets, a few people from the team and happily for me, Lora Heiny and Loren Heiny. The hands on lab is the same one I did at TechEd and is really a fantastic walk through demonstrating to programmers how easily they can tap in to the inking functionality of the tablet as well as how deep the API really goes. The lab definitely needs a VB version. I was there helping some VB programmers out who, though trying to learn about the tablet api, were struggling with things like casing and other syntax problems that prevent C# from compiling. I think that will get done soon (I even offered to do it, but I think it will happen from within the team). The lab had a lot of people in it throughout the show, though, considering there were about 1500 attendees, the sessions themselves were not heavily attended. My session had some last minute changes since there were the extra sessions added in and I basically had to cut it in half. And those that did attend my session, where I walked through some of the tougher issues to deal with when writing an ink-enabled web application (using my online Doodle app as the my demo), had been attending many of the tablet sessions so they were light on questions.

It was fun to go to the famous Aureole restaurant that was right in the casino - famous to us, because it has a beautiufl tablet application to help clients sort through their thousands of bottles of wine. I think I blogged about it once and might dig up that link when I'm on line again. I went with Arin, Mark, Elliot and Mason from the tablet team as well as Kathleen who has a new M200! Thanks for the vino guys.

Most fun for me was to hang out a bit with Lora and Loren, though they weren't around in th eevenings.

Posted from BLInk!

Of the four nights we were at the Mandalay Bay for DevConnections, Kathleen Dollard and I ate Sushi at the same restaurant three of those nights. on the last night we got a few of our pals to come along!

That's Mark Michaelis, Richard Grimes, Dave Sussman, Don Kiely, Kathleen, Me & Chan Ouyang, from Philadelphia, who was one of the attendees.

Posted from BLInk!

At the closing session of DevConnections there was a jam packed auditorium of attendees and a panel of a host of speakers up front. Carl Franklin ran around the room (literally ) with a mike so people could ask questions. A larger percent of the questions were SQL Server related as that is the focus of one of the three conferences that make up DevConnections. There were a few questions about .NET, such as the future of the application blocks (which, by the way, is two-fold: much of what was learned in the app blocks is being folded into VS 2005 and they are also going to be part of Enterprise Services).

Yet one consultant stood up and asked an interesting business question. While there is so much push from Microsoft and from all of us who are excited about the new technologies, he is in a very familiar position. His clients' VB6 programs run their businesses. They use SQL 2000. Everything works great. He said that his clients are afraid that he will push them to the new technologies which would be a great expense for them, even though their current systems more than suit their needs. What's a guy (or girl) to do? He was looking for advice in handling this issue.

I have a client that was very happy on their VB6 apps and SQL 7 for a long time. I have been very fortunate that they trust my choices and although I continue to make minor changes to their enterprise VB6 application, every new piece of development in the past 2 1/2 years has been in .NET. This did not cost them anything extra since I spent my own time learning and experimenting. There are even pieces of their application that I have not charged them for, such as implementing WSE2 in one of the production apps. My ability to make these choices has also paid off in a very visible way with the use of a smart client application with a web services back end which solved a problem we had talked three years ago about solving with a very expensive T1 line to one of their satellite offices.

I have not leveraged anything new in SQL 2000 so that they were not forced to spend the large chunk of cash to upgrade from SQL7. This summer, it was discovered that their server had been hacked and in a quick build of a new server, the sysadmin chose Windows 2003 server which meant we had to move to SQL 2000. The 6 month trial was a saving grace in the emergency, but I know the client did more than grimace when those 6 months were up. Now they are asking me about SQL 2005 and Longhorn so that they can start planning ahead for the expense of upgrading all of their systems. I promised them that I have no plans to implement any of the sql 2005 features any time soon in their applications and that if I do find that I have a very strong business case for doing so, there would be plenty of time to prepare for the financial hit.

So, back to the guy at the conference with his question  - how will Microsoft support HIM in working with his clients to make these decisions and to assure his client that he is not needlessly costing them money? He  is in a rough place. One of the biggest reasons I left FoxPro years ago was because I was sick of defending it to potential clients who thought that Microsofot was going to bury it. This developer wants to learn and be proficient with the new tools. He also wants to keep his clients happy and to be a good consultant to them by helping them make the right choices and protecting them from unnecessary expenditures.

It's an interesting question. I agree that there should be something that Microsoft can do to help him, but it has to be to help give *his* clients the best advice but not scaring them into moving everything to the latest and greatest technologies so that they can sell another server license.

Kathleen and I talked about this and I think it also fits somewhere in the conversation that Joel Spolsky began (or perhaps just raised to new heights) in his article about the API Wars. I expect to see more on this discussion in the near future.

Posted from BLInk!

I got a few people at DevConnections to doodle on my web inking application here: www.thedatafarm.com/doodle.aspx. Go to the gallery to see what they did. Add your own if you want!

Posted from BLInk!

A quick post from Las Vegas! I'm at DevConnections in the incredible Mandalay Bay, there are, I believe, about 1500 attendees which is phenomenal.

This year I am in the fortunate position of being a speaker which means getting to hang out in the speaker lounge where we are all working on our talks!

I had the best luck this morning to have sitting across from me, Durga, who just happened to own a pieceof .Net2.0 that I hare been very confused about. He even had a demo of what I was trying to do. So after seeing his demo, I finally was able to fix my demo on that class! (and then share it with others.) the conversations in here are amazing so its a lot of fun!Of course I want my talks to be perfect, but I also want to go to some of the great talks that are going on today and the Next few days. There are a few Burlington people here, too, which is always a big treat for me!

Posted from BLInk!

Sorry, still laughing about Scott Guthrie's OOF TLA PPS post from yesterday. It's about midnight. I have to get up at 4am. But of course, that requires going to bed first. I'm off to Las Vegas for ASPConnections although I'm going a little early as Kathleen Dollard and I are going to drive out to Zion National Park for a few days. Hopefully we'll get back in time for the big Dot Net Rocks party on Saturday night.. It's supposed to snow here tomorrow!

In case I haven't mentioned it yet (ha ha) I'm doing 3 talks. Web Service Security for Dummies with WSE2.0 (which will be a nice precursor to Michele Leroux Bustamante's Advanced WSE2 talk), What's new in the .NET 2.0 Base Class Libraries for ASP.NET Developers and Developing Ink Enabled ASP.NET Applications. There will also be a TechEd Cabana like hangout which I'm looking forward to. But mostly looking forward to geeking out for days on end with lots of friends (old and new). Awww shucks.

Posted from BLInk!

Although I was expecting some syntax changes, so far, my debugger visualizer that I wrote with the March bits and ran with the Beta1 still runs in the October bits.

Two things to note: if you have the debugger visualizer project open in the same solution as the app you want to use it in, you will get a wierd error when trying to use that visualizer in run time. I actually haven't dug into how to debug these things. They are not like a project that you reference and debug into. But if you are testing it, you would just open it up in a separate instance of VS, then compile and copy the dll into the directory and test again.

The other thing is that when you create your visualizer and, as per the Beta1 bits, have to put them into mydocuments\visual studio\visualizers folder. In these bits, the folder does not pre-exist. However if you use one of the canned visualizers, then the folder gets created automatically.

Here is another pointer if you are moving a d.v. from older bits to newer bits.

Posted from BLInk!

Steve Smith and his famous red pen encounter Iraq's fabled Camel Spider. Don't forget to read the last sentence at the bottom - I almost fell out of my chair laughing.

Posted from BLInk!

My husband teases me when I say "hey, I had an idea" by responding with "ahh - I thought I smelled smoke". So just imagine when....

Posted from BLInk!

Sounds like another perfect project for me if I weren't so darned busy. So here...anyone?

Visual Studio .Net Developer with emphasis on VB and ASP aspects. Prior experience in Database conversions a plus. Location will be partial on site in the Vergennes, VT area, balance from home or personal office as mutually agreed on. Contract status options: Hourly, either on a 1099, corporation to corporation or W-2 basis. Duration projected November '04 through April '05. Will be part of a team effort involving 4 to 5 other programmers, some very senior, some more junior.

Interested folks should call Chris Johnson at Technical Connection, toll free 1-888-854-TECH or email resumes to Vermontjobs@aol.com(let him know you found out here...)

Posted from BLInk!

A#1: uninstalling all previous bits. Uninstall takes forever. Longer than install I think.

(oh and if I had an A#2 : that darned 870MB J# Redistributable)

Posted from BLInk!

http://www.panopticoncentral.net/archive/2004/11/02/1934.aspx

Posted from BLInk!

Aaron Junod has posted a Windows/Cisco Admin job in the Hartford, CT area.

Posted from BLInk!

Just for fun, I'm going to put the latest CTP of Visual Studio on my laptop that I will be using for my What's New in BCL Whidbey for ASP.NET developers presentation at next week's ASPConnections. Maybe I'll even try to run SQL 2000 Developer Ed. and sql 2005 express side by side. Just have to watch out for that sqldmo problem (though maybe it's fixed now) 

Posted from BLInk!