June 2008 - Posts
While in Chicago to speak at PHP | Tek, I got to do a Podcast (in a bar) with on of the The Thirsty Developers
I hope you will [ CLICK HERE ] and listen !
I got an email last night from Eduardo.
Eduardo "Love's VB.NET", but is concerned about his long term career prospects because he keeps hearing about C#.
The Pie Chart from the Telerik Survey suggests that C# has surpassed VB.NET as the .NET language of choice. For the record, I don't think this accurately reflects the division. I would guess that it's more like 55% VB.NET and 45% C#.
People ask me all the time why I choose VB.NET instead of C# for my videos. The truthful answer is, I don't. I use VB because ScottGu asked me to use VB.NET.
At first, I was a bit queased out :) - I first started programming in "C" in 1978 and C++ in abut 1988-1989. So languages of "C" flavor like Java and C# are just familiar to me.
It took me about a week before I was I stopped thinking about the syntax I was coding in.
I just don't think the choice between C# and VB.NET really matters.
The one statistic that does matter is that companies seem to be paying C# developers more than they want to pay VB.NET developers. I suspect that this statistic, like most, is irrelevant if taken on face value alone.
It's possible, even probable that the C# programmers they hire have more of a systems programming background in C++ or an enterprise development background in Java so that C# is the syntax flavor of choice, but that flavor choice is a byproduct of their skill set and it is that skill set that earns them more money.
If a company pays C# developers more than VB.NET developers for no other reason than syntax choice, I'd probably choose to work for another company as I prefer to work for really smart folks :)
I'd be surprised if anyone could suggest a business application to me that REQUIRED it be written in one language over another (at least for non-business reasons.)
To me, the choice between VB.NET and C# seems a much less significant one than the industry seems to want to make it. It's a stylistic choice. A philosophical choice. Even an artistic choice. But not really a NECESSARY choice.
Sure, TO ME, C# code "looks better". And FOR ME, coding in VB.NET is a bit faster. Since I'm happy to switch back and forth, I lean toward building class heavy back ends in C# and front side stuff in VB.NET (though not always).
The power is in the .NET framework and in the productivity of Visual Studio. Does that make VB.NET and C# just the duck tape that ties them together ? :)
Below are some links to articles that discuss the VB.NET versus C# issue.
In the mean time, Eduardo, write great applications in which ever language best suits you and let those applications be the strength in your resume. Not the syntax flavor they are written in.
Murray "Flash" Gordon has a great VB and C# Comparison on his blog [ Click HERE ]
Wikipedia also has some good information. [ Click HERE ]
Nigel Shaw has a good article at The Code Project with some sound conclusions. [ Click HERE ]
Jeff Atwood at Coding Horror also has a good post. [ Click HERE ]
The Pie Chart above is from the Telerik Survey [ Click HERE ]
Most people haven't had a chance to play with Microsoft Surface.
It's one of the coolest technologies in a long time !
[ Click HERE to watch the video. ]
While at TechEd 2008 I got to spend some time in the "Fish Bowl" with Georgeo Pulikkathara.
Georgeo interviewed me on Microsoft's Secure Development Lifecycle (SDL) and my upcoming Developer Security Activities.
Please [ click HERE ] to check out Georgeo's blog post and [ Click HERE ] to have a listen to the show.
ComponentArt releases Charting 2008.1, introducing advanced AJAX interactivity, dual 3D rendering engines, and a wealth of core charting features.
Grate for AJAX style data visualization !
Visit the Charting Gallery for live demos.
Microsoft has released an advisory for the recent SQL Injection attacks which points to several tools that will help identify and block these type of attacks. The goal of this blog post is to help our audience identify the best tool depending on their role (i.e. Web Developers vs IT administrators). Currently, there are three tools available which serve different purposes and they complement each other.
Web developers Recommendations
· The Microsoft ® Source Code Analyzer for SQL Injection is a static code analysis tool that identifies SQL Injection vulnerabilities in ASP code (ASP pages are the ones that have been under attacked). In order to run this tool you will need source code access and the tool will output areas vulnerable to SQL injection (i.e. the root cause and vulnerable path is identified). In our view fixing the root cause of the bug is the best way to eradicate vulnerabilities. The tool scans ASP source code and generates warnings for first order and second order SQL Injection vulnerabilities.
IT/Database administrators Recommendations (Web developers can benefit from this as well)
We are recommending two tools, one can help identify SQL injection vulnerabilities by crawling the website (for example, when access to the source code is not possible) and the other one aims to block potential SQL injection attacks.
· HP Scrawlr, developed by the HP Web Security Research Group, will crawl a website, simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities (Microsoft has worked with HP in this effort). Scrawlr uses some of the same technology found in WebInspect but has been built to focus only on SQL Injection vulnerabilities. This will allow an IT/DB admin to easily find vulnerabilities similar to the ones that have been used to compromise sites in the recent attacks. No source code is required to run this tool. From a starting URL, the tool recursively crawls that URL in order to build up a site tree that will be then analyzed for SQL injection vulnerabilities. For more information check out https://download.spidynamics.com/products/scrawlr/
· Second, in order to block and mitigate SQL injection attacks (while the root cause is being fixed), one can deploy filters using URLScan 3.0. This tool restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being executed on the server. Basically, it uses a set of keywords to block certain requests (i.e. the request will get drop and never processed by SQL) That said, we highly encourage fixing the root cause of the problem instead of attempting on producing a perfect filter that will block all type of attacks (since in our view this is not possible and error prone).
The following table summarizes the pros and cons of these tools.
Microsoft Source Code Analyzer for SQL Injection
Identifies SQL Injection vulnerabilities in ASP code through static code analysis.
Identify the root cause of the bug at the source code level.
This version currently only works on ASP pages
Detect SQL vulnerability by crawling a website.
No source code is required.
Cannot identify the line of code responsible.
UrlScan v3.0 Beta
Blocks the types of HTTP requests that Internet Information Services (IIS) will process.
URLScan filter can be easily deployed to mitigate SQL injection attack while the root cause is being fixed.
Not fixing the root cause, thus the risk has not been eliminated completely.
Since most of us Geeks are caffeine addicts......
"Coffee consumption has been linked to various beneficial and detrimental health effects, but data on its relation with death were lacking," says Esther Lopez-Garcia, PhD, the study's lead author. "Coffee consumption was not associated with a higher risk of mortality in middle-aged men and women. The possibility of a modest benefit of coffee consumption on heart disease, cancer, and other causes of death needs to be further investigated."
[ Read the article HERE at Science Daily. ]
This years Reader's Choice Awards conducted by ASPnet Pro Magazine showed some great appreciation for DevExpress' recent work.
Their awards included.....
Product of the Year - DXperience ASP.NET
Best Component Set - DXperience ASP.NET
Best Grid - ASPxGridView Suite
Best Add-In - CodeRush with Refactor! Pro
Best Printing/Reporting Tool - XtraReports Suite
Best Charting - XtraCharts Suite
Best Navigation Suite - ASPxperience Suite / ASPxNavBar
Best Online Editor - ASPxHTML Editor
Best Scheduling/Calendar Tool - ASPxScheduler Suite
Check them out at: www.devexpress.com
Baseline Magazine [ Click HERE ] has outlined the 5 Big Security Threats that Anti-virus software and firewalls MISS.
1 Trusted Users and Partners
2 Web Application Vulnerabilities
Gartner estimates that 75 percent of today’s attacks are carried out through the application layer.
Many of these application attacks are conducted through quickly coded Web applications, with little or no security baked in.
Yet these Web apps are often connected to some of the most sensitive databases businesses own.
3 Missing Devices
4 Custom Malware
5 Social Engineering
[ CLICK HERE to read the whole article. ]
Today the XNA Team has launched Dream-Build-Play 2008.
In Dream-Build-Play 2008 you can build your dream game to compete with other game developers around the world. This year’s contest will feature Xbox360 development only and to ensure that everyone has access we will be giving away one free 12-Month XNA Creators Club Trial membership to everyone that registers. Contestants will compete for $75,000 in prizes and the bragging rights to say their game was the best. Additionally, one of the top ten finalists will win an opportunity for an Xbox LIVE publishing contract. For more information log on to www.dreambuildplay.com
· The XNA team has launched Dream-Build-Play 2008.
· $75,000 in prizes and the chance to receive an Xbox Live Arcade Contract.
· Create and deploy Xbox360 games using XNA Game Studio 2.0
· Everyone who registers will receive a FREE 12-Month Trial Creator Club Membership
More Posts Next page »