July 2004 - Posts - Darrell Norton's Blog [MVP]

Application Security series finished

Craig McMurtry has finished his extensive series of articles (I started trying to keep track back here, but he quit blogging for 4 months), focusing mainly on Active Directory and application security using Active Directory Application Mode (ADAM) and Authorization Manager (AzMan).

Here are links to all of the blog posts in order:

Posted Jul 29 2004, 09:26 AM by darrell with no comments

Selecting an Agile Process

Mike Cohn, author of User Stories Applied (which has been getting great reviews on Amazon, by the way), has an excellent presentation on Selecting an Agile Process: Comparing the Leading Alternatives (PDF, 837k). It is the slide deck from a half-day tutorial he does that includes overviews of the main agile processes: Extreme Programming, Scrum, Feature-Driven Development, Crystal, and DSDM. Mike does an excellent job presenting the essence of each agile process in just a few slides, with lots of pictures (I'm a picture kind of guy). Highly recommended!

Posted Jul 29 2004, 09:10 AM by darrell with 1 comment(s)

The Golden User Rule

It should be a well-known fact that user involvement is one of the most important factors in a successful software development project. If you get the wrong user, like someone who is not representative of the real end users, then you get the wrong system. This was summed up nicely on a web page I recently read (no link, sorry!):

“The 'Golden Rule' is 'The User you need is the one they won't let you have!'”

Posted Jul 29 2004, 07:59 AM by darrell with 7 comment(s)

Bibliographical Gem

A bibliographical gem is an interesting book hidden in another book’s bibliography. Reading bibliographies is a sure sign of a geek, and the fact that I am posting something found in one kind of proves my guilt! Oh well, I have other things to worry about.

In the surprisingly long bibliography of Object Thinking is a reference to George Lakoff’s Women, Fire, and Dangerous Things. That kind of title definitely stands out from the crowd! Seeking more information, I turned to Google. James Melzer explains:

“A little background for those who don’t know: women, fire, and dangerous things form parts of a fundamental category for the Dyirbal tribe of Australia. There are four categories in their mental model:

bayi: men, kangaroos, possums, bats, most snakes, most fishes, some birds, most insects, the moon, storms, rainbows, boomerangs, some spears, etc.

balan: women, bandicoots, dogs, platypus, echidna, some snakes, some fishes, most birds, fireflies, scorpions, crickets, the hairy mary grub, anything connected with water or fire, sun and stars, shields, some spears, some trees, etc.

balam: all edible fruit and the plants that bear them, tubers, ferns, honey, cigarettes, wine, cake

bala: parts of the body, meat, bees, wind, yamsticks, some spears, most trees, grass, mud, stones, noises and language, etc.

Lakoff’s book synthesizes recent (and not so recent) philosophical work on the role categories play in human reason. I originally read it for a graduate class on classification theory.

So what’s the deal with the book’s title? Lakoff truncated the membership of the Dyirbal balan category for the book’s title. Obviously, the title had to be short enough to be easily memorable and catchy enough to grab attention, so he couldn’t list all the members. I think there is a lot more going on than simple salesmanship, actually.

Early in the book, Lakoff introduces several key concepts. Here is the fifty cent tour:

Functional embodiment, which proposes that our categories for things are sometimes arrived at automatically without any conscious thought or action on our part. These categories are generally not socially constructed, which means they are probably hard-wired into all of us as both mental models and pre-programmed interaction models.

Basic level categories, which are categories like cat, chair, and ball, that are common, easy to learn and remember, and have simple names. Lakoff reports experimental data that shows that these basic level categories are the first learned by children, the first to enter the general lexicon, and the most likely to be common across cultures.

I believe Lakoff selected his title because it demonstrates both functional embodiment categories (embodied/biological) and basic-level (common and value-rich) categories. At the same time, the three concepts that form the title already existed as a single category for the Dyibal tribesman. Add to this the catchy incongruity of the three concepts, and you’ve got a winning title.” [via James Melzer’s blog]

So basically women, fire, and dangerous things are all lumped together as a single category in the tribe’s mental model. Oh that my life could be that simple.

Posted Jul 27 2004, 06:34 AM by darrell with 4 comment(s)

Now reading...

Thanks to Jim Newkirk’s glowing recommendation, I have started reading Agile Project Management by Jim Highsmith.

Posted Jul 27 2004, 06:30 AM by darrell with no comments

Help! What should I read next?

I need some help here. I’m considering a couple of books to read after finally finishing Object Thinking (review in process). Which of the following books should I read next?

Agile Project Management by Jim Highsmith
Managing the Professional Services Firm by David Maister
Beyond Software Architecture by Luke Hohmann

Any help is appreciated. Thanks!

Posted Jul 26 2004, 08:34 AM by darrell with 14 comment(s)

Mixing Forms and Windows Authentication

Craig Andera, over on PluralSight blogs (it has a main feed now!), has a post showing how he integrated Windows and Forms Authentication for the same web application. From his post:

“The trick was realizing that if you enable both “anonymous” and “integrated” authentication for a particular virtual directory, the browser won't try to authenticate to the web server until it receives a 401 (Unauthorized) back from the web server. But you can issue your own 401 any time you like!”

Well, the trick is not that you don’t get authenticated until a HTTP 401 error occurs, that’s standard IIS security. The trick is how he issues a 401 to force the authentication:

     if (user.Length == 0) // They haven't provided credentials yet
    {
       Response.StatusCode = 401;
       Response.StatusDescription = "Unauthorized";
       Response.End();
     }

Check out the full code sample on Craig’s blog post on mixing forms and windows authentication.

Posted Jul 26 2004, 08:25 AM by darrell with no comments

Take a survey and win $100 from Amazon

Wintellect, one of WeProgam.NET’s sponsors, is in the process of conducting some research about the Wintellect brand and are hoping you can help. If you are a developer, take the quick survey, which should not take more than 4 minutes to complete, at http://www.wintellect.com/survey/. They are doing a drawing on August 1 – five people who complete the survey will each win a $100 amazon.com gift certificate.

Four minutes for a possible $100 geek shopping spree? Sounds good to me!

Posted Jul 23 2004, 06:39 AM by darrell with 8 comment(s)

FileAssert updated

Thanks to Roy’s suggestion, I added an overload to the FileAssert class that takes the filename as a string (well actually two, since there is always a method that takes the error message to be displayed as a string). This avoids you having to create FileInfo or FileStream objects if you already have the files on disk. I should have realized this since I had to setup FileInfo and FileStream objects for all my tests by reading files from disk already.

static public void AreEqual(string expected, string actual, string message)

Download the FileAssert class (it’s in the NUnitIO release) from the NUnitExtensions workspace.

Posted Jul 21 2004, 01:38 PM by darrell with no comments

TDD with a database - one good solution

If you are doing TDD with a database, you owe it to yourself to check out Roy’s innovative use of Enterprise Services to make database testing easier. The first post explains a few ways to use his method, and the second post shows when not to use it. Very valuable stuff.

Posted Jul 21 2004, 07:52 AM by darrell with no comments

FileAssert - comparing 2 binary files using NUnit

At the beginning of this month I blogged about the Code of the Month. For July the program we are looking at is NUnit. As part of the code reading, I wrote an extension (sort of) that compares two files to determine if they are equal. The code uses NUnit internally, calling Assert.Fail if the files are not equal.

The FileAssert class has two basic methods for comparing files. One method takes in two FileStreams, with an optional overload for the message if the test should fail.

static public void AreEqual(FileStream expected, FileStream actual, string message)

The other method takes two FileInfo objects, again with a message overload.

static public void AreEqual(FileInfo expected, FileInfo actual, string message)

I tried to match the NUnit coding and commenting style as much as possible. All XML comments are included (the file is C#). And of course I wrote unit tests for everything! I tested this on files as large as 189MB. On my 2.8ghz machine with 512MB RAM, the comparison took under 4 seconds. A 10MB file comparison took under a half-second.

You can download this, and other extensions coming soon, from the NUnitExtensions workspace on GotDotNet.

Posted Jul 20 2004, 11:02 AM by darrell with 5 comment(s)

Adding tests and refactoring non-TDD code

Lately I’ve been adding unit tests around a critical subsystem of the application I am working on. Luckily I had some downtime to add unit tests to cover parts of the subsystem that I did not develop (of course with TDD all of my new code was covered!). Here are some tips I’ve learned in the process.

Since the parts that lacked a test harness (my term for a set of unit tests) had been used in testing for a while, I didn’t try to figure out what each method was supposed to do exactly. I put unit tests around the class and method that reflect the current result. That way I could refactor without fear, knowing that I had not changed any of the current behavior. If parts were later found to be incorrect, I could quickly make the change in the unit test, which would then guide my bug fix coding. I consider the ability to make a change quickly if something is wrong more important than implementing fewer unit tests that were right (at the time, since we all know requirements change).

When figuring out where to add unit tests, a code coverage tool is invaluable. I frequently used NCover and a custom application that used XPath queries to select only the code coverage reports I was interested in. My subsystem was not a separate application, and it crossed several logical layers. Initially I would target those classes with no unit test coverage (there were plenty, trust me!). After that I could find untested code within otherwise well-tested methods that might be causing a problem. I did not always write a unit test, as 100 percent test coverage was not the goal. The goal was to improve the test coverage in important areas, not to exercise every unlikely error condition. If it happens later, then I’ll add it!

Management, of course, wasn’t very interested in me working without creating new functionality. So I had to create some numbers to measure what I was doing. I started with a count of the lines of code for the entire project and my subsystem, with added emphasis that my subsystem was critical to the application’s success. I also included the number of unit tests, both total and for my subsystem. In management’s view, as long as this number increases, it doesn’t matter if you refactor your tests internally. Finally I added code coverage as a percent of each logical tier and as an overall number for my subsystem. The display looked something like the following (numbers are fictional):

Lines of code

Total: 200,000
Subsystem: 75,000

Unit test code coverage (subsystem only)

Services: 72.33%
Data: 37.45%
Overall: 61.17%

Automated unit tests:

Total: 580
Subsystem: 490

I also gave reports on how many classes were added and removed, the reduction in the number of lines of code from removing duplicate code, and the number of bugs found. It also helps to bring up any incidents where the unit tests discovered a subtle bug immediately, rather than letting QA pick it up. Some of my refactoring was also to improve performance, and a simple before/after snapshot works wonders. With all this data I was able to convince management that the refactoring work was important.

Posted Jul 19 2004, 02:34 PM by darrell with 13 comment(s)

What's the best drunk code you've ever written?

Steve Hebert and I came up with this “Friday question”:

What's the best piece of code you've written drunk, on medication, etc.?

Best here can be loosely defined as good, humorous, obfuscated, commented, etc.

Mine was written under a Sudafed-induced state. Sometimes my allergies bother me so much I can’t stop sneezing until I’ve taken half-a-dozen of those little red pills. It keeps me up all night too. (My best friend’s wife is a pharmacist, so I know what I’m doing. Don’t try this at home. Side effects include drowsiness, inability to sleep, and intermittent narcolepsy. Keep your hands and legs inside the blog post at all times.) But I digress.

I was in the zone, cranking out the code. I thought I was making all sorts of great progress. Then I went to bed. The next day I woke up and encountered things similar to what these people found. I had to rewrite most of it, but it was an illuminating experience. Now when my allergies act up and the recommended dosage of Sudafed doesn’t work, it’s time to go home.

Posted Jul 16 2004, 06:26 AM by darrell with 32 comment(s)

10 ways to make your code more testable

Justin Gehtland has a good article on 10 ways to make your code more testable over on TheServerSide.NET, although I am not a big fan of mocking out the database as he does.

I think mock objects should be reserved for things your application needs to interact with that are out of the application’s control. If the database is for your application, then you should not need to mock it out. If the database is not part of your application and you are accessing it directly, you might want to read up about SOA.

Posted Jul 14 2004, 08:21 AM by darrell with 1 comment(s)

OT: Adventures in moving

You know who your real friends are when they move you a second time within a year. They know how much crap you have and remember how hot it was last year about this time when they were stuck helping you move.

I learned many things during the move. I found out that UHaul can take a reservation, but they can’t keep a reservation. Anyone can take a reservation, it’s the keeping of the reservation that’s important (Seinfeld, anyone?). I also found out that these bad boys (I had two) can do 70 on the highway. I found out that Mark likes to make mechanical contraptions with rope to lower furniture down from a second floor deck. I found out that 3 people can move an elliptical up the stairs, around a corner, and into a room (that thing was heavy!). Luckily Thomas is stack diesel.

So, thanks to Mark (+family), Paul, Thomas, my brother, my girlfriend, and my mom. You’re the best!