Archives

Archives / 2004 / July
  • Troll Board

    If your post ended up here, it was off-topic, uninteresting, unoriginal, unargumented and / or not funny enough. In other words, congratulations, you're a troll.
    My own posts that are on this board were kept here to balance the trolling a little.
     
    Let the troll board begin:
     
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197033
    http://www.microsoft.com/mscorp/facts
     
    That URL contains far more bullshit than the Oracle article..
    7/26/2004 5:59 AM | nofool
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197085
    Guys, before anyone posts anymore comments here please look at the bottom of this site and see what it's being served on (ASP.NET). That made it more clear to me why there is all of this MicroShaft propaganda on this site.
    7/26/2004 7:21 AM | Doesn't matter.
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197133
    Too funny! Quoting the Get The Facts pages as "proof" of TCO equality is a farce. Obviously, Microsoft funded the TCO study and surprise! it came out in their favour. Who runs Linux on a mainframe for file serving? In any case, you can run PHP on IIS. I know, because I do.
    7/26/2004 8:04 AM | General Protection Fault
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197699
    Just how cynical can you be! Security, to cite one example, has been a problem worth billions for Microsoft customers around the world FOR ABOUT A DECADE NOW. You call that prompt customer support?
    7/26/2004 3:58 PM | Anona
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197700
    Anona: Just how much can you oversimplify this? Security has been a problem worth billions for EVERYONE for more than a decade, not only MS customers. It is also a problem for Apache customers, for Oracle customers, you name it.
    Just try the MS customer support. The response during the last virus/worm crises has been amazing. We've been helping countless customers to recover their machines and configure them so that they are properly secured.
    Yes, I call /that/ prompt customer support.
    7/26/2004 4:04 PM | Bertrand Le Roy
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197718
    Apesta!!, claro que van a defender a su inche ASP.NET, porque??, porque el sitio esta montado en Windows !! Guacala!.
     
    Y aunque les duela PHP5 es mejor!!! por donde le busquen!
     
    Viva PHP5!!!!!!!
    7/26/2004 4:33 PM | Anonimo
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197720
    "Security has been a problem worth billions for EVERYONE for more than a decade, not only MS customers."
     
    Utter nonsense. During the last decade, I or my Mac-using clients, for example, have NEVER had a virus, trojan, worm, spyware or adware problem. Not once. Did I say, not once? Contrast that to Windows user over the last decade. Are you telling me these are comparable situations? Please. Even your ex-CEO admitted your security problem. I'm not going to let you sweep it under the carpet.
     
    I didn't build Outlook or IE, you did. I didn't make the architectural choices that led to these abominable apps, you did. I didn't create the business model of "features before security", you did. I'm not the one who's trying the convince the computing public this is an acceptable/unavoidable state of affairs, you are.
     
    Frankly, the problem is not MS (you do what you do), it's the unbelievably mypoic IT drones for using such sloppy products.
     
    7/26/2004 4:33 PM | Anona
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197726
    Anona: This is getting really tiring. I've read these arguments millions of times. We're not getting anywhere here. Of course there are more worms for Windows than there are for any other platform. It is the most common platform. Just check the numbers on Apache and IIS and you'll see that the perception of security is something completely different from the security itself.
    No, I did not write Outlook or IE. And please choose your words carefully. "Abominable"?
    For your information, I've been using Microsoft products for about 12 years. Outlook and IE have been my mailer and my browser for as long as I can remember (that is probably for as long as they existed), and I have NEVER had a virus, trojan, spyware or adware problem. Not Once. Did I say, not once? Same thing goes for my wife, who does not have any computer science education. Same thing for my mother, who is 65 and knows nothing about computers. Is my experience relevant? Probably as much as yours with your mac-using clients.
    Do not take individual experience for a generality. Things are not as simple as they seem to be in your head. Of course we need to improve on security because we are the leaders on this market, and that's what we're doing everyday.
     
    Please go post somewhere else.
    7/26/2004 4:46 PM | Bertrand Le Roy
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197933
    your article is not better than the oracle's one -
     
    7/27/2004 12:25 AM | mattia
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 197957
    :)
     
    Article sucs! ORACLE sucs too.
     
    Incredible stupid article. :) They know nothing about ASP.NET!
     
    7/27/2004 1:11 AM | BlackTiger
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198377
    Bleroy:
     
    "I've been using Microsoft products for about 12 years. Outlook and IE have been my mailer and my browser for as long as I can remember (that is probably for as long as they existed), and I have NEVER had a virus, trojan, spyware or adware problem. Not Once. Did I say, not once? Same thing goes for my wife, who does not have any computer science education. Same thing for my mother, who is 65 and knows nothing about computers. Is my experience relevant? Probably as much as yours with your mac-using clients."
     
    A good quote. Perfectly sums up Microsoft's attitude towards security. And pretty much kills your credibility.
    7/27/2004 6:21 AM | Bob M.
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198680
    "This is getting really tiring"
     
    Yes, because you MS people parrot the same argument over and over again: don't blame us.
     
    "Of course there are more worms for Windows than there are for any other platform. It is the most common platform."
     
    How many worms are there for Mac OS? How many have there been in the last decade? Don't evade it, just answer it.
     
    The answer is not "fewer" it's "none."
     
    "And please choose your words carefully. 'Abominable'?"
     
    Any client/browser that has given so much grief to so many for so long couldn't be described otherwise.
     
    "Is my experience relevant? Probably as much as yours with your mac-using clients."
     
    So are you denying that there have been masive security problems with your OS/apps year after year? Has it come to that level of denial?
     
    "Do not take individual experience for a generality. Things are not as simple as they seem to be in your head."
     
    Let's see: Who's affected by the vast majority of security issues out there? MS users. It just doesn't get any simpler than that. What has MS done over the last decade to eradicate this? Not much.
     
    "Of course we need to improve on security because we are the leaders on this market, and that's what we're doing everyday.
     
    Let the record speak for itself.
    7/27/2004 10:46 AM | Anona
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198781
    Mattia, Warren, etc.: if you have nothing more constructive to say than "your article suckz, php rulez, MS suckz", please go away.
     
    Bob: of course, you dropped the main part of the citation, which was that individual cases should not be taken for generalities. I'm only talking about verifiable things, you guys are talking about purely emotional things. I also said that we still had a lot of work to do, but of course, you didn't want to hear that, you only hear what conforts your system of beliefs.
    Just compare the number of security issues in IIS 5 and IIS6 and see how much progress we've made in just a few years on this huge code base. We're doing the same kind of work on Windows itself, and this will give XP SP2 and Longhorn.
     
    Anona: please do your homework before you post such preposterous nonsense. Open a web browser, go to Google, type "mac worm", click on the search button with your single-button mouse and click on the first thing that shows in the many answers:
    http://securityresponse.symantec.com/avcenter/venc/data/mac.simpsons@mm.html
    Oh, it's a worm, and it's for the Mac.
    Of course, a worm for MacOS won't get very far as there are so few macs. Like a virus that would target people with Vayron eyes.
    Why are there anti-viruses for the Mac by the way?
    I also did a search on Apple Mac OSX Server on http://www.securityfocus.com/bid/vendor/ and there are just too many vulnerabilities for me to bother counting. Do the same search on Windows Server 2003: there are 2.
    Of course I'm not denying that there have been a lot of problems, but like Bob, you don't want to listen to what I'm saying.
    Get me right this time: I'm not denying. What I'm saying is that we've already made a lot of progress (see the numbers for yourself: the record speaks for itself indeed) and that we're still working.
    You're saying that we haven't done "much" to solve security problems? How do you explain the numbers on security focus then?
    Get real. Get the facts.
    And go away.
    7/27/2004 11:19 AM | Bertrand Le Roy
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198847
    "Oh, it's a worm, and it's for the Mac."
     
    No kiddin'. The script can't use Entourage (or Mail.app for that matter) as a vector to send email without user permission, because MacBU people had the good sense to not allow that. Anything is theoretically possible, but in reality, how many sites did it affect? Symantec says, 0-2. Let's repeat that: 0-2 sites. End of story. This is the best you can come up with? Shame on you.
     
    "Of course, a worm for MacOS won't get very far as there are so few macs."
     
    There are more than 25 million Macs around. How many were affected by this worm, which supposely appeared on 0-2 sites? The Mac OS architecture and app policy is not pestilence-friendly like Windows. This is the best FUD you can come up with?
     
    "I'm not denying. What I'm saying is that we've already made a lot of progress..."
     
    When you start with such abysmal numbers you can only go up, I guess. The vast, vast majority of security problems in the last decade took place on Windows. It's still happening on Windows. And it wil still happen on Windows. That's a fact.
     
    "And go away."
     
    Why? The facts are interfering with your FUD?
    7/27/2004 11:56 AM | Anona
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198894
    Anona: No, it's not the best I could come up with, I just took the first thing google gave me. I didn't took the time to look at it. The point is just that there ARE worms on the mac, there ARE vulnerabilities (some of them very serious, see securityfocus), and much more than on Windows Server 2003. And of course, no, there are not many worms because 25 million is just a ridiculously small number of machines to attack. It's much more efficient to target unprotected PCs, because yes, there are more unprotected PCs out there than there are Macs.
    Why is that? Not because Windows is unsafe in its current version: activate the built-in firewall, auto-update, and install an anti-virus, that's all there is to it. No, this is so because people don't patch their machines (yes, you have to patch any system, because security and attacks evolve, it's not a static thing, take integer overflows for example) and do stupid things. We have to educate our users as much as we have to make the system safer overall. Both are very important.
    You just won't listen. Is TWO an abysmal number? Just look at your own numbers. You're citing the Mac? Get a grip, just check the numbers, this is currently an unsafe system.
    Windows Server 2003 has had close to zero serious security problems. No other OS can show that kind of results (even FreeBSD 5).
     
    Go away because:
    1. This is my blog
    2. I don't want you here
    3. You're off-topic
    4. What you have to say has been said and answered a million times
    5. You're answering emotionally to verifiable facts
    6. I have better things to do than answer your messages (which I won't do any more from now on)
    7/27/2004 12:31 PM | Bertrand Le Roy
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198921
    "No, it's not the best I could come up with, I just took the first thing google gave me. I didn't took the time to look at it."
     
    In other words, you didn't do your homework, something you emotionally accused me of.
     
    "The point is just that there ARE worms on the mac..."
     
    Where?
     
    It's ironic that today, this very day, the Net is under attack from a MyDoom variant. Is this happening on the Mac?
     
    "It's much more efficient to target unprotected PCs.."
     
    I wonder why!! Is it because Microsoft has been shipping an unsecure-by-default OS called Windows for years?
     
    "Why is that? Not because Windows is unsafe in its current version: activate the built-in firewall, auto-update, and install an anti-virus, that's all there is to it."
     
    Make the user do the dirty work?
     
    "No, this is so because people don't patch their machines"
     
    Finally, finally, the ultimate excuse: blame the user!
     
    'Nuff said.
     
    7/27/2004 12:43 PM | Anona
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198929
    Not blaming the user: I said that we had to educate the users, if you paid attention.
    The firewall and automatic patching are now activated by default.
    I don't have to do YOUR homework.
     
    Go away.
    7/27/2004 12:48 PM | Bertrand Le Roy
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198954
    "I said that we had to educate the users"
     
    Users don't need education, Microsoft does. Users haven't been shipping an unsecure-by-default OS/email cleint/browser, for years. Users don't need to be "educated" about the moronic security architecure of, say, ActiveX. Users haven't made those structural choices, you did.
     
    "The firewall and automatic patching are now activated by default."
     
    Thanks, for the admission of guilt. Unfortunately, this comes after having created untold numbers of unprotected PCs out there that are impacting untold millions of non-Windows users as well. We all have to suffer Microsoft's incompetence.
    7/27/2004 12:57 PM | Anona
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198980
    Yes, users need education, because some choices are not obvious and keeping a system safe requires a little care from the user. Some things can't be automatic. For example, you still want to be able to install software on your computer. Some software that you may want to install may be dangerous. The system can warn you, but there is a point where it is your responsibility. Not rejecting the responsibility, just stating obvious stuff.
    We did release some code that had security problems, of course I'm not denying that, but so have absolutely every other software company in the world. We have an obligation to be better than anyone else, though, because we are the leaders. And that's precisely what we're doing, and the results we have show that we are successful at that. But you don't want to face the facts.
     
    Where are we today in terms of security when compared to the competition?
     
    Did I say all that already? Yes, but you won't listen.
    If you have nothing original to say, go away. Otherwise, be done with it and say it.
    7/27/2004 1:10 PM | Bertrand Le Roy
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 198999
    "We did release some code that had security problems, of course I'm not denying that, but so have absolutely every other software company in the world."
     
    That's like a 500 lb person saying he had a few extra donuts and who has not.
     
    When was the last time tens of thousands of Mac machines around the world were shut down by a worm or a virus? This seems to happen with monthly regularity these days for Windows users. And you call this "some code that had security problems"?
     
    "We have an obligation to be better than anyone else, though, because we are the leaders."
     
    Leaders in what? Security? You are actually claiming leadership in security? Man, I thought 1984 was a fiction book!
    7/27/2004 1:23 PM | Anona
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 199003
    Yes, we are currently leaders in OS market shares and in security techonlogy. Look at the freaking numbers and compare.
    I've already explained (as well as many other people) why a worm can't propagate efficiently on MacOS, but you won't listen.
    You're a troll, go away.
    7/27/2004 1:26 PM | Bertrand Le Roy
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 199013
    "Yes, we are currently leaders in OS market shares and in security techonlogy. Look at the freaking numbers and compare."
     
    Yes, I'm looking at the number of PCs beset by security problems and comparing them to Mac machines. It turns out the "security technology" provide by the vendor (Microsoft) is shamefully ineffective in protecting the OS and the apps. After you put way all the FUD, mombo jumbo and blame-the-user stuff, the fact remains that Windows machines are less secure and more infected than any other platform, in absolute or in proportional numbers.
     
    That's some mighty leadership!
    7/27/2004 1:35 PM | Anona
    # re: Some comments on Oracle's comparison of PHP and ASP.NET Remove Comment 199100
    "This is my technical / professional blog"
     
    There has got to be a better use of your time, rather than writing so much just about yourself and your opinions.
    7/27/2004 3:19 PM | Shaq
     
    Sure thing!
    Me

    Read more...

  • Some comments on Oracle's comparison of PHP and ASP.NET

    Oracle recently published an outrageous article in a rather strange attempt to convince people that PHP is the best platform to write web applications. Not ASP.NET, which is not surprising coming from Oracle, but not Java either, which is a little more puzzling.
     
    In this blog entry, I'm explaining what I thought when I read this paper. The disclaimer on the left applies, of course: these are my own opinions, and I'm not talking on behalf of my employer.
     

    Read more...

  • Some comments on Oracle's comparison of PHP and ASP.NET

    Oracle recently published an outrageous article in a rather strange attempt to convince people that PHP is the best platform to write web applications. Not ASP.NET, which is not surprising coming from Oracle, but not Java either, which is a little more puzzling.
     
    In this blog entry, I'm explaining what I thought when I read this paper. The disclaimer on the left applies, of course: these are my own opinions, and I'm not talking on behalf of my employer.
     
    This article is completely unreal. Arguing that PHP is preferrable to ASP.NET is a very difficult exercise. I can imagine the marketing people at Oracle ordering this article and determining its conclusions even before it was written... It is even touching to see that the author can't hide all of the ASP.NET qualities nor all the problems of PHP.
    Let's read the article together and comment it along the way.
     
    First, the subtitle, "One developer's view of the pros and cons of the two most popular means of building web applications" should probably be more along the lines of "One PHP developer who has no clue what ASP.NET is reviews what he thinks are the pros and cons of the two most popular means of building web applications". I've built applications for years with both systems before I was hired by Microsoft, so I can probably spot most of the many voluntary or unvoluntary errors and inaccuracies in the text.
     
    In the first paragraph, the author tries to convince us that PHP and ASP.NET fall into the same category of web platforms that "[embed] code into HTML pages with special tags that signal to a preprocessor that they contain code, and that it should do something with it". This is true of PHP, but not of ASP.NET, where the code can, but should not be in the HTML markup. Instead, a well-written page would have a declarative or templated part (the aspx file) and some codebehind (or not) that orchestrates the controls and communicates with other layers of the application if there are any.
    So whereas PHP follows the flow of the page and inserts dynamic text in some places, ASP.NET separates the code from the declarative markup and has a much richer page lifecycle. Most important, in ASP.NET, the execution flow is distinct from the markup's flow.
    This difference is absolutely fundamental and differentiates a platform that encourages spaghetti code from one that encourages good design and separation of concerns.
    The author also tries with this simple sentence to have us believe that the "special tags" of PHP and ASP.NET are equivalent. Nothing could be more wrong: while PHP only has tags to signal the limits of the server code from the rest of the markup, ASP.NET's tags are really abstract representations for full-blown controls that embed complex behavior (such as treeviews, grids, etc.). While one forces you to output raw HTML, the other enables you to use familiar widgets like those that you would expect from a desktop application framework. Using PHP to create web pages is a little like creating desktop applications with a tool that would force you to draw every control using dots and lines (just a little, I'm pushing the analogy: PHP is not THAT bad). Abstractions are good.
     
    The second paragraph is very touching because the author explains us why he is so biased. No comment.
     
    So what is ASP.NET to Oracle (except for a menace)?
     
    "ASP.NET works with scripted languages such as VBScript, JScript, Perlscript, and Python, as well as compiled languages such as VB, C#, C, Cobol, Smalltalk, and Lisp". Wrong. ASP.NET works only with compiled languages such as VB.NET and C#. There are .NET compiled versions of "scripting languages" like Perl, JScript or Python, though, and that's probably what caused this confusion.
     
    The next paragraph is more or less accurate, but let's note for later that the author is aware of the fact that the .NET class library contains classes that do "image manipulation". Later, he'll tell us that "with ASP, however, you're investing from the very beginning, and you're spending for add-on technologies—libraries for doing graphics manipulations, for instance".
     
    "in ASP.NET, integration with databases can be accomplished through ODBC". Technically, he's not lying, here, but he fails to mention that ODBC is just one of several ways to access a database, the one that should be used only if all other options are impossible. There are direct providers for Sql Server and Oracle, and third parties offer native providers for all major databases (including an Oracle provider for Oracle databases, in addition to the MS provider). Most importantly, these APIs derive from a common base, which makes it almost equivalent from a developer's point of view to develop against Sql Server or Oracle, or any other database. Whidbey also makes it a lot easier to make your code database-agnostic (like, I have to admit, Mono did before us). More on this later.
     
    "ASP.NET's strength lies clearly in its clean design and implementation. It is an object-oriented programmer's dream, with language flexibility, and with sophisticated object-oriented features supported. In that sense, it is truly interoperable with your programmers' existing skills. Another strength of ASP.NET is the development environment." Say no more. ASP.NET rules! Oracle says so!
     
    But don't worry, the next sillyness is in view: "But what you gain in robustness, you pay for in efficiency. ASP.NET is expensive with respect to memory usage and execution time, which is due in large part to a longer code path."
    Oh? Really? What backs these gratuitous affirmations? Execution time? Can we have some pointers to check that? Because as far as I know, a web platform that is natively compiled and that has built-in page and fragment caching is very likely to be faster than a scripted, non-cached platform. Of course, you can compile PHP using a free tool, but it's an afterthought. And you have to pay for the page caching solution, whereas it come for free with ASP.NET.
    I can see where the memory thing comes from. It is true that if you open the task manager on a server that's running an ASP.NET web site, you could be a little frightened by the amount of memory ASP.NET uses, if you know nothing about servers. Guess what! Memory that's not used is useless. The rational thing to do on a server is to use the memory you have (to cache stuff, for example). The quantity of memory that's used by ASP.NET can be configured in machine.config if you feel you can tweak it better than the default setting (which you usually can't, that's why  it's the default setting).
    The performance of ASP.NET is certainly sufficient for "small traffic" sites such as Microsoft.com, MSN, match.com, etc...
     
    The "What is PHP" section is focused on database access, but fails to mention Sql Server as a possible database for PHP (this is an Oracle paper, after all).
    It tries to convince you that database abstraction is bad (just to tie you to Oracle, but you got that part yourself) because you so badly need these marvelous Oracle features: LOB, BLOB, CLOB and BFILE.
    This coming from the same people who will explain later that OS independance is an absolute necessity...

    So let's summarize:
    Oracle dependance: Goood!
    Microsoft dependance: Baaaad!

    Seriously, database independance is an important feature for many modern applications.
    Due to the uncoordinated development by different teams, the database access libraries in PHP have been notoriously inconsistent to the point where the code you'd write to access a MySql database is different from the code you'd write to access a PostgreSQL database. Not in the SQL queries, which is more or less normal, but in the actual PHP code! So other people have developed so-called database abstraction layers (dba, odbc, etc.)... which do not work with all databases, and are of course largely inconsistent with one another as well as with any specialized provider.
     
    In the "strengths and weaknesses", we only see weaknesses, except for platform independance (but not database independance), open-source development (if you happen to consider that as a strength), and "a smaller code path," whatever that means.
    He misses a few other important weaknesses, like the fact that its library is terribly messy, being a function library instead of a hierarchical class library like that of .NET or Java, and having horrible names (can you guess what readline_completion_function does? It "Registers a completion function". Yes, I know, that's not very much clearer, but this is the kind of documentation you get with PHP: no sample, no clear explanation).
    The author then goes on to showing us how great the new PHP5 is (whereas to say the truth, it barely gets where Python was years ago). The code example is absolutely hilarious. Anyone writing this kind of code in a job interview with me would be politely but immediately shown the door. I have to show you:
     
    class blue {
     
      function openFile ($inFile) {
        if (file_exists ($inFile)) {
          # code to open the file here
        } else {
          throw new Exception
     ("Cannot open file: $inFile");
        }
      }
    }
     
    $blueObj = new blue ();
     
    try {
      $blueObj->openFile ('/home/shull/file.txt');
     
    } catch (Exception $myException) {
      echo $myException->getMessage ();
     
      # rest of exception handling code here
    }
     
    Do you really think you should throw an exception to test a perfectly normal application error condition? Shouldn't you throw and catch something more specific than Exception? Shouldn't openFile be static? This code sucks. Just write this instead:
     
    $fileName = '/home/shull/file.txt';
    if (file_exists($fileName) {
      #work with the file
    } else {
      echo "File: $fileName does not exist";
    }
     
    If this is how you explain the benefits of OOP and structured exception handling to PHP users, we'll just get unamageable and ununderstandable object-oriented spaghetti code instead of plain unmanageable spaghetti code.
     
    I'm skipping the "security comparison" FUD for now, I'll get back to it later. Let's go directly to the "database coding examples" section.
     
    "With ASP.NET, however, it's a little more complicated, because you have the option of any of a number of languages to choose from." How that makes it more complicated and how it has anything to do with database programming elude me completely.
    Let's look at the code sample. The PHP code does absolutely nothing except create and destroy a database connection (please note the "very elegant" error handling code, though). The destructor prints a useless message for no identifiable reason.
     
    class oracle_object {
      protected $theDB;
      protected $user;
      protected $pass;
      protected $db;
     
      function __construct($u, $p, $d) {
        $this->user = $u;
        $this->pass = $p;
        $this->db = $d;
      }
     
      function db_open () {
        $theDB  =  @OCILogon($this->user,  $this->pass,  $this->db);
        db_check_errors($php_errormsg);
      }
     
      function db_close() {
        @OCILogoff($theDB);
        db_check_errors($php_errormsg);
      }
     
      function __destruct () {
        print ("so long...");
      }
     
    }
     
    Many things can be said about this code: the fields are not encapsulated, and it is generally not a good idea to open a connection if you're not going to use it right away (because of connection pooling), so if you write a database access helper class, opening and closing the connection should be done just around the request to the database itself. At least in .NET where the connection pool is automatically managed.
    And now, the VB.NET code that is supposed to be equivalent to the one above:
     
    Imports System
    Imports System.Data
    Imports System.Data.OracleClient
    Imports Microsoft.VisualBasic
     
    Class Sample
     
      Public Shared Sub Main()
     
        Dim oraConn As OracleConnection = New OracleConnection("Data Source=MyOracleServer;Integrated Security=yes;")
     
        Dim oraCMD As OracleCommand = New OracleCommand("SELECT CUSTOMER_ID, NAME FROM DEMO.CUSTOMER", oraConn)
     
        oraConn.Open()
     
        Dim myReader As OracleDataReader = oraCMD.ExecuteReader()
     
        Do While (myReader.Read())
          Console.WriteLine(vbTab & "{0}" & vbTab & "{1}", myReader.GetInt32(0), myReader.GetString(1))
        Loop
     
        myReader.Close()
        oraConn.Close()
      End Sub
    End Class
     
    Why are they skipped lines in there? To make the code seem longer? And who wouldn't notice that this code does a lot more than the PHP code?? It opens a connection, queries the database and outputs the results before it closes the connection. So what does this prove? Absolutely nothing.
     
    It should be pointed out that displaying database data in a table in ASP.NET Whidbey is as simple as that:
    <asp:SqlDataSource runat="server" ID="myDataSource" DataSourceMode="DataReader"
      ConnectionString="<%$ ConnectionStrings:MyOracleConnectionString%>"
      SelectCommand="SELECT CUSTOMER_ID, NAME FROM DEMO.CUSTOMER" />
    <asp:GridView runat="server" ID="MyGridView" DataSourceID="myDataSource"/>
     
    Of course, this is the quick and dirty solution, and you can substitute an ObjectDataSource to the SqlDataSource if you have properly defined your own DAL, business and service layers.
     
    Now, let's "make a choice"... The author pretends to think that "[PHP's] only weakness is its lack of a pure and perfect OOP implementation". Err, see above. He then says "Though language constructs do help, ultimately, good coding is a matter of practice, execution, good habits, and discipline". Sure, but what if you are incapable of that? I'm not pointing to anybody... Oh well, yes I am.

    We now can read a very informative (not!) table "summarizing" the weak and strong points of each platform. The criteria that have been chosen are completely arbitrary, as well as the "values" in the table (what do $$, weak or strong mean? Is it something that I can measure? How much is $$?). We also note that ASP.NET security is "strong" whereas one of the main points against it according to the author is precisely the security. Consistency anywhere?
     
    Price. ASP.NET is free, and the TCO of Windows Web Server Edition can be favorably compared to that of a LAMP approach (see http://www.microsoft.com/mscorp/facts).
     
    Speed. I really don't know. I have yet to read a performance study that compares PHP and ASP.NET performance. If anyone knows one, I'd be happy to talk about it. The article does not point to such a study. PHP has a reputation for speed, as does ASP.NET.
    "Speed is not the only consideration. Memory usage is also important." See above? Why is that important? We won't find out from the article.
     
    Security. This is my favorite part. After all the usual FUD about IIS security, the author gives us a link to a site that proves him wrong. This is very nice of him. Let's follow the link to www.securityfocus.com and do less than 5 minutes research. First, let's do a search on IIS 6. The first article that comes out has this to say about IIS:
    "[IIS] provides a reliable and secure infrastructure to host web applications."
    Then, let's look for vulnerabilities: choose Microsoft / IIS / 6.0. Results:
    1 (One!) x-site scripting vulnerability in a web administration tool that's not even installed by default
    And three for ASP.NET
     
    OK, let's do the same for Apache 2. Results:
    25 (Twenty-five!) vulnerabilities, including DOS and Buffer Overflows
    Wow, that's a lot! Let's look for PHP 4 now... Results:
    19 (Nineteen!) vulnerabilities, including integer overflows, arbitrary file disclosures, cross-site scripting, etc.
     
    Is this guy so stupid that he really thinks noone will click his link and verify what he claims? Or does he think his readers are stupid? In either case, I wouldn't give him a web site to develop...
     
    Cross-platform applicability. Sure, if that's really paramount to you, choose J2EE ;) at least for the moment...
     
    Open-source opportunity. Sure, if that's important to you. If consistency and accountability are more important, then I guess that's a different story.
     
    And of course, one thing you won't hear about in Oracle's article is developer productivity. ASP.NET is the platform that will make your web developers the most productive, because it manipulates higher level abstractions, it handles all the plumbing for you and it encourages reusable code. But Oracle doesn't want you to know about that.

    Read more...

  • Are the UI layers disposable or should they be as easy to maintain as other layers?

    The discussion began in french on the www.dotnetguru.org web site, but was unfortunately deleted by the administrator of the site because of a few aggressive comments.
    I wish to continue this discussion here.
    I'll post my own reflexions as soon as I have time to rewrite them or the DNG admin sends the deleted thread to me.
    Please feel free to post your own and stay courteous. I'll delete all offensive comments, but only these.
     
    Update 6/23/2004 19:00: Sami Jaber contributed to the debate through a blog entry. Thank you Sami (I would have liked to get my texts back, but I appreciate the effort). I'll try to answer his argumentation:
    Sami explains that the UI layers are less stable because the lifetime of the technologies that support them are supposedly shorter than that of other layers. He cites:
    - In the Java world, Servlets -> JSP -> Struts -> JSF, that is 4 (r)evolutions in about 6 years. Well, I won't argue on the instability of the Java world, but no one is forced to follow every new trend.
    - POJO components (a relatively recently resurrected obvious concept: make it simple) implemented 6 years ago have remained stable, except if they followed the EJB specifications (two evolutions). Sure, an object is an object, and if it does not have any external dependancies, there's no reason why it would have to change. But this is of course an asymptotical goal...
    - On Windows, we had MFC, then WinForms and Avalon. Sure, and what was the longevity of these technologies? Well, MFC is not dead, but between it (1992) and WinForms (2001), 9 years passed. Avalon is not due before 2006, that makes at least 5 years longevity for WinForms (assuming that every one will instantly migrate to Longhorn, which I'd like, but is not very likely). That makes technology lifetimes that can very well be compared with the lifetime of the technologies underlying other layers.
    - Same thing goes for Microsoft Web technologies: ASP (around 1997 IIRC) lasted for about 4 years before being replaced by ASP.NET
    - Sami argues that writing UI layers is very complex and that it is very difficult to achieve any kind of reusability. Well, I absolutely can't agree with that. First, I've been a web developer for years before being hired by Microsoft, and reusability of UI components is one of the things I've been the most successful at, through many advanced WebControls and the MagnitSite content management platform. WebControls are a major innovation that enables great reusability of UI elements, and Whidbey goes even farther in that direction, reducing the amount of boilerplate code to orchestrate the controls to almost nothing. Now, of course, you still have to write code for the specific interactions between your graphical components, but that is also the case for other layers. It doesn't mean that there is any reason why UI would be less manageable.
    - A comment on Sami's blog points out that an IT person who would decide to migrate each application to each new trendy technology would be a fool. This is absolutely true, and the key is interoperability. I personnally have NEVER migrated a UI to a new technology. All my classic ASP sites remained classic ASP, and I developed only new applications using ASP.NET. Now, they were able to interoperate and this is what's really important. On the other hand, I've had numerous migrations of data layers to new versions or different databases.
     
    Comments anyone?

    Read more...

  • Do data source controls belong on the page?

    I get a lot of feedback on this subject (see this post if you have time for example). More and more developers are now finally getting the multi-layered application architecture concept, which is a great improvement over the situation we had even five years ago. So many of them, the first time the see data source controls on the page, go WTF is this doing in my UI layer? Even though the ObjectDataSource is here to make them feel better about it.
    Well, first of all, in ASP.NET, the Page is not the UI layer exactly. It contains the UI (the Template View, that is, the CodeFront), but it also contains some form of controller or rather Page Controller (see Martin Fowler's Patterns of Enterprise Application Architecture). So it's actually more an application surface than a simple UI surface.
    But it is also wrong to see the CodeFront as the UI and the CodeBehind (or CodeBeside) as the controller. You should see it more as the declarative part and the procedural part of the same object.
    So what did we have in v1? To bind a control to data, you had to do it from the procedural part of the page. If you were doing it quick and dirty, you were instantiating a Connection, a Command or DataAdapter, and filling a DataSet or DataReader with it. Then, you would attach this DataSet or DataReader as the data source of your controls and call databind. If you were doing multi-layered development, you were instantiating objects and binding them to the controls in pretty much the same way. It should be noted at this point that if you wanted to prototype a quick-and-dirty page and then migrate this to a multi-layered page later, you had to rewrite a large part of this boilerplate code. The designer made all this a little more confusing by displaying some of the procedurally defined components on the designer surface despite the fact that they were nowhere to be seen in the CodeFront markup.
    As framework developers, every time we see code that's copied all over any application with little variations, we have to ask ourselves if we couldn't make it declarative.
    And that's what data source controls are: a declarative way to bind controls to data. Is anyone shocked by the presence of jsp:useBean tags in a JSP page? Well, you shouldn't be any more shocked by the presence of a data source control in an ASP.NET page. On the other hand, what's wrong is procedural code in the declarative part, and you should avoid this as much as possible (it is IMHO a great design flaw in JSP to define procedural markup).
    By going from the procedural part to the declarative part, the data-binding code did not change layers, it just migrated to a different part of the same object.
    The end result is improved productivity as you don't have to rewrite all this boilerplate code. You will also quickly notice that the migration from quick-and-dirty SqlDataSource to an ObjectDataSource is really easy as there is no source-specific code. All the visual controls see is a data source, they don't have to know where the data came from. All you have to really change is the data source itself.
    But the data source controls have additional advantages. My favorite are parameters. You can add parameters to any data source. These parameters will allow you to declaratively filter the source's data according to a query string parameter, a form field, a control value or an arbitrary object value. Having a DropDownList filter the contents of a DataGrid has never been so easy: you can have such a page without writing a single line of code.
    I'm currently writing a web site with Whidbey, and my goal is to have zero code in the web site project itself. It features declaratively interchangeable data stores and a fully skinnable UI. Having zero code in the web site is not a contrived exercise, it's actually promoting good design and the good news is that it's amazingly easy to do in ASP.NET v2.
    So I'll say it loud and clear: ASP.NET 2.0 promotes good design.

    Read more...

  • VB.NET has "Using"! Hurray!

    While looking for something completely different, I found this in the MSDN documentation for Whidbey. VB.NET now has Using, which was one of the many constructs that C# had and that were missing in VB.NET.
    Let me remind you what using is. If you're using a resource that needs to be disposed of, like a connection, a stream reader or some weird unmanaged COM object, you typically have to write something like that:
    Dim A as SomethingThatImplementsIDisposable
    Try
      A = new SomethingThatImplementsIDisposable
      ' Do something with A
    Finally
      If not A is nothing Then
        A.Dispose()
      End If
    End Try
    Well, to do the same thing in C#, you would do this:
    using (SomethingThatImplementsIDisposable A = new SomethingThatImplementsIDisposable()) {
      // Do something with A
    }
    And now, in VB.NET 2005, you can do this, which is pretty much the same thing as in C#, except for the curly brackets:
    Using A as new SomethingThatImplementsIDisposable
      'Do something with A
    End Using
    This is very important because contracting the habit to use Using whenever possible not only makes your code simpler, it also makes it less error prone. And unreleased resources are one of the toughest bugs to spot because the problem does not appear during development but a lot later, usually when the application goes into production (if you're careless enough not to do any stress testing before release...) or even much later. The resources actually get released, but during garbage collection.
    As a rule of thumbs, when you see yourself writing A.Dispose(), you should ask yourself if you can replace it with a Using block, whether you develop in C# or VB.NET.

    Read more...