Geeks With Blogs
Bill Jones Jr. MVP Visual Basic Charlotte NC - MCP C# and VB.Net - Founder and President of the Enterprise Developers Guild (.Net User Group)

Since it was our very own Ken Spencer doing a presentation on Secure Apps, it didn't matter that it started at 0'dark thirty -- I had to be there.  And I'm glad I went, even though I ended up traversing the main hall at least twice to get breakfast and get back to Ken's venue.  Main hall treks are only noteworthy because the main hall is about 10 miles long.  By the way, somebody warn Bill Plummer that the food was not worth the walk.  Without grits how can you warm up your cold eggs?


But back to Ken and company.  Yeah, I know Spence really fills a stage, but Ricky Samona from Microsoft managed to keep up, even though I was on only my second cuppa joe when he shoved C++ in my face.  Oh well, what doesn't kill ya…


The official title of the Spence and Rick show is Security Enhancements in Visual Studio 2005 and there are a lot of them.  Ken kicked off with an excellent analogy - what he calls the onion security model.  Implement security in layers, easy to peel through at first, then more difficult and then downright unpleasant as you penetrate the layers.  VS05 definitely improves our tool set but here are some stats to get your attention:


Gartner says 75% of all hacks happen at the app layer

Microsoft says 64% of developers are not confident of they can write secure code


Bill Jones says a lot of those other 36% may not "know their own limitations" -- except for the "sherruf" of course.  By the way, somebody tell Eric I got the slide deck for him.


Ken showed some VSTS (Team System) enhancements that let us set shop polices like "require clean build" before check-in.  Since FxCop is baked in now, we can even require a clean source analysis before check-in.  I assume we can "shelve" a project in the source lib if those checks fail, and it's Friday late, and sweetie is standing behind us tapping her foot wondering if we really understand the definition of "NOW!".  While I am still impressed with the Team System extensions, until we get the pricing issues cleared I'm not sure how hard to push for it.


The VS Permissions Calculator is way cool.  It analyzes your project and tells you what you need to access to run successfully.  I'm unclear exactly how it works, but we can login with lower permissions and test/debug our apps.  Again, due to the early hour or Ricky's speed, he showed the debugger flagging a permission error and the dialog gave alternatives on how to fix it.  He clicked an option and resolved the bug.  I think it bumped the security permissions up on the fly to let the app continue.


Spence showed a few of the goodies in the VB.Net My classes.  He indicated that legacy coders like the C# guys can get access by inheriting a VB class that wraps these capabilities.  Wonder if you can just import the VB classes directly from the framework?


Spence showed off that nifty Web Site Administrator wizard.  I think it's baked into VS05.  He also said something about a Wizard "wizard" that lets you create your own wizards.  Man do I need that!


Data protection API, more Role management, configuration class can now encrypt, auto test gen, and on, and on, and on.  This is a major upgrade guys.  I'm hearing the Catherman quote again and again - "When you move up to the beta you will not want to go back."


Spence summed up the entire topic with "Security is about tools, but it is mostly about people and process."  Amen, brother.


Creating Dynamic Web Sites with ASP Net 2.0 Web Parts - Andres Sanabria MS - WOW!  This was the most exciting presentation I have seen since I watched the first demo of an interactive debugger.  Oops, there I go dating myself again.  I am truly speechless on this one.  I've got the slides.  I will get the code and I will blog more about this when I get home.  If you are a Guild member, you have my personal promise that you will see this demo "real soon now".  If you are a Carolina Group leader, come see our web parts demo when we do it because you will definitely want it for your group. 


Let me sum it all up by saying that web parts 2.0 will change how we do web sites.  We can now casually allow our clients to arrange pages to suite themselves.  User Controls and server controls can easily be coded to be consumed as web parts or not.  Visual Design is now real for all our web development.  Connections between web parts is pointy-clicky and can be dynamic or static.  But what about SharePoint?  Late next year, the new SharePoint version will be completely compatible.  Off the record, a way to retrofit web parts 2.0 is in the works and recognized by all the right people as being a drop-dead requirement.  If you're not doing SharePoint now, get ready because it is coming to a server near you.


And then there was Scott Guthrie.  I missed ASP.Net Part 1, but Part 2 did some more boggling.  Scott put up two slides because every presentation needs slides.  Then he dropped into the IDE and I started getting seat belt burns from the G forces as we kept rounding corners and seeing new, really neat stuff.  Skins & Themes, Master pages, Site map (coming to the next release of SharePoint), auto navigation menu, bread crumb control, membership, role management (with and without AD), web site admin tool, WYSIWYG user controls, web parts, and internationalization made easy… again WOW!


Scott expects over 10,000 sites to go live that have been developed in beta.  The UK National Health site has been live serving millions or users without a hiccup for months.  Go to for the slides(?) and the demo code.


We've been hearing a lot about Visual Studio Tools for Office (VSTO) so I dropped in on the Ken Getz presentation.  Ken presents as well as he writes, but in this case, I became convinced I could figure out most of what he was showing us in a couple of hours if I needed it.  Don't misunderstand me, the room was packed and the presentation was showing how well VSTO works with Word, Excel and Outlook -- not Power Point or Access.  But it wasn't ASP.Net 2.0 and it wasn't SharePoint and it wasn't workflow, so it missed my sweet spot and I left early.


Back to the big hall… wonder how many miles I'll need to walk today?  Anybody on the speaker circuit for these things doesn't need an exercise program.


Bill J





Posted on Thursday, June 9, 2005 11:40 AM 6. Tech Ed 2005 | Back to top

Comments on this post: Tech Ed - Day 3 - Wednesday

No comments posted yet.
Your comment:
 (will show your gravatar)

Copyright © Bill Jones Jr. | Powered by: