Deconstructing the TFS 2010 Default Build Template


When you create a new team project in Team Foundation Server 2010, there is one directory created automatically in the team project’s home in source control: BuildProcessTemplates. In that directory there are 2 – 3 Windows Workflow xaml files depending on if you have Lab Management installed or not. The one that is most used and the one I will concentrate on in the next series of posts is DefaultTemplate.xaml.  If you want to really customize your builds, you need to know the Default Template inside out.

From Art Form to Engineering Discipline?


This is the title of a new paper that is to be published in the IEEE Annals of the History of Computing by Christopher McDonald.  This paper starts to answer how software processes became so formal and heavy-handed in the 70’s and 80’s.  It is interesting to see Barry Boehm advocate waterfall in the 70’s and then back away from it in the 80’s with his spiral process.  It is also interesting to see that iterative software was alive and well in the late 80’s and the Agile movement did not invent it (as many Agile zealots will want you to believe).

Following this paper’s narrative; you can see that Software Engineering was born out of the so-called “Software Crisis” of the late 60’s and early 70’s.  The answer was scientific management espoused by Frederick Winslow Taylor.  This did not work as they were comparing apples and oranges.  Taylor was dealing with the mindless work of blue-collar factories workers; while software is engaged in by highly educated, creative white collar workers.

It seems that a lot the first ideas of “Software Engineering” came from this factory analogy.  Interchangeable parts and software components is another example.  There is a reference to the quality movement in the early 1900’s that I’d like to explore more fully.

Overall, this is a good read and elucidating history of Software Engineering.  As the military’s influence on software development wanes; it becomes less relevant.  But the history shows you how we got to where we are today in software development.

CAST Study shows software industry still has a long way to go


CAST’s recently released “Worldwide Application Software Quality Study” is the first study to give real numbers, based on a good amount of data, to code quality.  This is a notoriously difficult problem to address given the millions of lines of code most applications have.  They do a very admirable job of not going too far in their assumptions; but also delivering valuable results.

A key finding for me was that code quality does not go down with increasing lines of code (p. 10); unless you are using COBOL.  Thankfully I don’t :).  What did cause code quality to go down in modern languages (Java, .Net, etc.) was module fan-out.  It seems that David Parnas’ theory of modularity has won out in modern languages; as it is encouraged in the language design.  But this has produced the un-intended consequence of developers creating too many complex dependencies between modules.

The study also puts a price tag on maintaining code that all bean-counters will love.  But is also gives real research for developers to point to for getting more time and money to re-factor code.  I highly recommend this study.

Security Vulnerability in ASP .Net — Padding Oracle Attack


All editions of ASP .Net (1.0 – 4.0) are vulnerable to the “Padding Oracle” crypto attack. Scott Guthrie has a good post about it here.  Microsoft has acknowledged the attack and is offering a work around.  There is also a post on Microsoft’s Security Research and Defense blog here.  Microsoft’s official response shows that they aren’t too happy that the hacker decided to publicly disclose the attack without telling them about it first:

We continue to encourage security researchers to coordinate vulnerability disclosure with software vendors. We believe public disclosure before a comprehensive update can be produced only leads to customer risk through criminal activity.

An actual demostration of the attack on a DotNetNuke installation to become the “SuperUser” took less than five minutes…

DotNetNuke has published their response here.

I’ll be keeping up with this over the weekend.  So come back to find out more.  I haven’t seen any attacks yet… but that will be when it get interesting….

Check to see if an assembly is strongly named.


Type sn -v NameOfAssembly.dll at the command line. It will say “NameOfAssembly.dll is valid” if it is strongly named.  It will say “NameOfAssemby.dll does not represent a strongly named assembly” if it is not.

Example:
c:\>sn -v Microsoft.AnalysisServices.AdomdClient.dll

Microsoft (R) .NET Framework Strong Name Utility Version 4.0.30319.1
Copyright (c) Microsoft Corporation. All rights reserved.

Assembly ‘Microsoft.AnalysisServices.AdomdClient.dll’ is valid

Software Architecture Viewpoints and Perspectives


In Philippe Kruchten’s seminal paper, “Architectural Blueprints—The “4+1” View Model of Software Architecture”, the idea of looking at software architectures from a number of viewpoints is put forth.  This idea is needed because architectures are too complex to fit into one diagram.  The views the Kructhen outlines are:

  • Logical
  • Development
  • Physical
  • Process

He “+1” of his model are scenarios or use cases that illustrate the architecture from a functional view.

Nick Rozanski and Eoin Woods build on that idea in their book, Software Systems Architecture.  They list a number of other viewpoints that can be used to describe a Software Architecture.  They are:

  • The Functional Viewpoint
  • The Information Viewpoint
  • The Concurrency Viewpoint
  • The Development Viewpoint
  • The Deployment Viewpoint
  • The Operational Viewpoint

They also introduce the idea of software architecture perspectives.  These perspectives take on architectural attributes that are found across viewpoints, such as security.  I encourage you to read their book and tailor it to your architecture.  It has helped me tremendously on past projects and I plan to post samples soon.

A Review of Top Book Lover Sites


I love books. For the past five years I’ve mostly been into books on software development; but I can enjoy a good book of poetry when in the right mood. 🙂 Soooo, I’ve spent a lot of money on books and nice solid oak shelves. I’ve organized my books by the Dewey Decimal System and now I want to switch to the Library of Congress system. In the process, I thought I’d see if there were any “book-lover” or bibliophile sites out there that could
a) help me out in going to the LoC system
b) find others that are into software development books (so I can find some more good ones to read).

I narrowed my choices down to three sites:

  • Shelfari
  • Library Thing
  • Good Reads

Shelfari

To get good recommendations you need a lot of users and Shelfari, I think, has the least. The best thing it has going for it are its nice visual representations of shelves. But that’s about it. No bar code scanning and the community recommendations aren’t so great either.

Library Thing

A simple site, but it does everything well. Seems to be built by librarians and people who love books and it shows. A decent recommendation system. Don’t know if it’s better than Amazon’s, but a good feature to have. They will also recommend similar members, which I really like. Overall a very good site, not too flashy, but everything I need.

Good Reads

This seemed like a good site from the outside. Lots of users, which is important. But I didn’t see any way for books to be recommended to you or to find people who have similar tastes. This is the main reason I wanted to join!! They did want to go through my gmail contacts to get their hands on my “friends”, but I can ask them myself what they’re reading. They do have a “Librarian” feature, which is similar to Wikipedia in which certain members can edit book description pages. This seemed like a good feature.

I decided on Library Thing, I’ll keep you updated on how it goes…

Oh, and here’s my list of books at Library Thing.