October 2003 - Posts

Carl Prothman, in his PDC summary, expresses his dislike of PDC not focusing on current technology as well as new (unreleased) technology.   

I understand your frustration regarding no sessions on current technology, but this was PDC, not Tech-Ed.  The point of PDC has always been to preview new and upcoming technologies, never to rehash older (albeit, current) technologies.  One positive note I did see regarding current technologies was the migration information for current code into Indigo.  That indicates Microsoft IS thinking of current development and how to transition into future development.

Tim Sneath has posted several excellent articles/notes from the PDC Security Symposium held today.  He may post more, but at this point, here are his notes:

SECSYM: Security Symposium I, SECSYM: Security Symposium II, SECSYM: Security Symposium III, SECSYM: Security Symposium IV, SECSYM: Security Symposium V, SECSYM: Security Symposium VI

Out of these, what struck me initially was the note from V above:

The SQL Server security lead developer demonstrated a black hat tool circulating on the Internet that utilises a SQL injection vulnerability to expose access to the full underlying database server, allowing query of any other table on that system or any linked server for which a web application has access. He demonstrated how a simple ASP.NET page query with a filter textbox could be used to reveal all the credit card details stored in another table in the database.

This kind of application demonstrates how the maturity of attacks is increasing. It's even more important than ever before to lock down the user accounts used and perform threat modelling and penetration testing against SQL injection attacks.

Makes posts of mine like this one and this one all the more relevant.

Update:  According to Don Kiely, the tool mentioned above is Data Thief, a proof of concept (free) tool from Application Security, Inc.
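The two defenses named in the quoted note, shown as an added example (not code from the original post, from Tim Sneath's notes, or from the tool mentioned): a filter query built by string concatenation beside its parameterized form, plus a locked-down data access path. Python's `sqlite3` stands in for the ASP.NET/SQL Server setup; the tables, the data, the hostile input and the authorizer used to mimic a least-privilege account are all constructed assumptions.

```python
import sqlite3

def make_db():
    """Constructed sample data: a product catalogue beside a sensitive table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (name TEXT, price REAL);
        CREATE TABLE cards (holder TEXT, number TEXT);
        INSERT INTO products VALUES ('widget', 9.99), ('gadget', 19.99);
        INSERT INTO cards VALUES ('Alice Example', '0000-0000-0000-0000');
    """)
    return db

def search_concat(db, text):
    """The 'before': filter text is pasted straight into the SQL string."""
    sql = "SELECT name, price FROM products WHERE name LIKE '%" + text + "%'"
    return db.execute(sql).fetchall()

def search_param(db, text):
    """Filter text is bound as a parameter, so it can only be a LIKE pattern."""
    sql = "SELECT name, price FROM products WHERE name LIKE ?"
    return db.execute(sql, ("%" + text + "%",)).fetchall()

def lock_down(db, allowed_tables=("products",)):
    """Stand-in for a least-privilege login: deny reads outside allowed tables."""
    def authorizer(action, arg1, arg2, dbname, source):
        # For SQLITE_READ, arg1 is the table name being read.
        if action == sqlite3.SQLITE_READ and arg1 not in allowed_tables:
            return sqlite3.SQLITE_DENY
        return sqlite3.SQLITE_OK
    db.set_authorizer(authorizer)

def is_blocked(db, text):
    """True if the concatenated query is rejected by the locked-down connection."""
    try:
        search_concat(db, text)
        return False
    except sqlite3.DatabaseError:  # raised as "not authorized"
        return True

# Constructed filter-box input that tries to append rows from another table.
HOSTILE = "zzz' UNION SELECT holder, number FROM cards --"

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", search_concat(db, HOSTILE))
    print("parameterized:", search_param(db, HOSTILE))
    lock_down(db)
    print("blocked after lock-down:", is_blocked(db, HOSTILE))
```

Parameterization removes the injection itself; the restricted account limits what a missed injection elsewhere in the application could reach.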

Last night, I had a chance to watch/listen to Joe Long, Product Unit Manager for XML Enterprise Services at Microsoft, talk about the migration path from .Net Remoting, Enterprise Services, and Web Services to Indigo.  One of the key points was that most of the current investments in Enterprise Services (ES) and Web Services (ASMX) will carry over into Indigo WITHOUT change.

The value of that last sentence, and the value of PDC, is realized when you are developing .Net solutions now for a client.  As I write this, I am busy working on developing new ES solutions, with some porting of current COM+ unmanaged code.  We use Enterprise Services because of scalability, transactional, and security requirements for cross-machine processing.  We chose not to use .Net Remoting, and from what I am seeing come out of PDC in regards to Indigo, that was a good choice.  To me, the value of PDC at this time, even though new technology won't be available for some time to come, is that I can know today what will probably be supported or not supported for the future.  That helps a great deal.  It's a great selling point.  It lets me develop applications with the foresight (as much as we can have, of course, with alpha and almost-beta software) that these applications will work a few years from now.

Why that concern?  Because, in my consulting work, I still see (unmanaged) applications running that were written 3-4 years ago.  They are still being used.  I want to write managed code today that I can be reasonably sure will still be valid 3-4 years from now.  That is important for me, and that is extremely important for my clients.

Clemens comments that Don Box's talk on Indigo showed the importance of design and architecture, not so much in demo code, but in the content of his message:

Simply hacking up an app won’t let you play in a connected application ecosystem that’s powered by Web services. WinFX will enable better applications by simplifying coding complex applications in a big way and making developers more productive. You’ll code less. Code isn’t all that matters. Architecture matters. Negotiation and contracts matter. Design matters.

So very true.  The sense I get from reading all the material coming through the PDC blogger filters is that design and architecture do matter, and it's going to get more important as we get into new development.  Very exciting!

You can find the list of PDC Sessions including updates with PowerPoint slides, demos, etc.

Clemens posts his 2-sentence definition of Indigo:

Indigo is the successor technology and the consolidation of DCOM, COM+, Enterprise Services, Remoting, ASP.NET Web Services (ASMX), WSE, and the Microsoft Message Queue. It provides services for building distributed systems all the way from simplistic cross-appdomain message passing and ORPC to cross-platform, cross-organization, vastly distributed, service-oriented architectures providing reliable, secure, transactional, scalable and fast, online or offline, synchronous and asynchronous XML messaging.

From what I have read from the keynote demos, it sounds like it was great to actually see this in action.  Nice to see all these technologies combined together.  Also, from Clemens' posts last week, it looks like what we are doing now (with ES, .Net Remoting, etc.) will still hold true with Indigo. That's very good news.

Update:  A freshly-released article by Don Box on the Indigo internals.

According to Scott Hanselman, who is currently blogging Bill Gates' Keynote as I write this:

* Showing MSBuild. Holy crap it smells like NAnt.  Wow, writing these build files is xml and is 90% the same concept as Nant.  Learn and use Nant now (I say) and use MSBuild soon.

Nice.  Similar to what we are doing here.

Ian Bretherton has posted a summary of Jeffrey Richter's CLR Internals pre-conference from Sunday.  It was a six-hour talk on many details of the CLR plus tips and tricks on writing good managed application code.  One important tool mentioned caught my eye:

SysInternals has released a new Process Explorer which allows you to view processes hosted in an AppDomain - Jeff stated that this was the only known app that allows you to view this information.

I have used this tool extensively in the unmanaged world.  Glad to see they have updated it.  Indispensable.  Get it now.

One item of note Sam mentioned in his Rotor BOF summary:

One thing I encourage people to do is look at Rotor on FreeBSD 5.1 the latest and help with any porting issues.

Since I started working with FreeBSD 4.8, I have also been receiving the latest versions, including FreeBSD 5.1.  I will also install Rotor on this version and let everyone know my test results.  I am also interested in helping with porting issues as I have been doing with Andrew regarding Rotor on RedHat Linux 8/9.

Benjamin gives some of the main points from the Rotor Futures BOF held last night.  This BOF, in particular, was one I was very interested in at PDC. 

A couple of items of note:  a new Rotor version would be released after Whidbey ships, and Brad Adams, who attended this BOF, mentioned that the CLR team makes sure that changes in the CLR don't break UNIX Rotor builds by running tests.  That's good for the research Andrew and I (and many others) have been doing lately with FreeBSD and Linux.

Also,  Brad wanted to know if anyone was interested in using the JIT compiler and making it available in the Rotor distribution -- Brad, YES, PLEASE!

Update:  Sam has a great summary as well of the Rotor BOF (as he co-led it last night at the last minute).

 
