May 2006 – R.J. Dudley

May BADNUG Cancelled

The May BADNUG meeting has been cancelled;
Tony can’t make it tonight.

The next meeting is tentatively scheduled for June 22. Collect your
favorite tips and trick for SQL Server 2000 or 2005 and be ready to share
them. We’ll demonstrate SQL Delta, Fuzzy
Matching and a few other topics, then have a sharing session.

Thanks to TASC, we have a free license of SQL
Delta for one lucky attendee–a $295 value! If you’ve never been to a
BADNUG meeting before, this would be a good first time. We’ll have the
schedule revised shortly, and you can register through the site at http://www.badnug.org/.

“Library Gluers” Are Having Fun, Too

In his “Passionate
Programmers” post, Justin James makes a point I doubt anyone disagrees
with–hire people who truly enjoy their job. That’s not an idea exclusive
to scientists or programmers–that’s true in nearly every job, whether it’s
molecular biologist, floral designer, carpenter, doctor–whatever.

Near the middle, and just as I’m agreeing with his post, Justin makes one
statement I have to take exception with:

Programming is increasingly a matter of gluing together libraries
written by a few select people, the ones who are having all of the fun. At
this point, the places where truly interesting codesmithing seems to occur is
in the shops making development tools (Sun, Microsoft, Borland, etc.) and the
small places doing niche work. Some of the FOSS projects are extremely
interesting as well, and they have the advantage of not caring about profits,
so they are free to work on unusual and creative projects regardless of
potential market size. Anyone in between these types of environments is just
gluing together libraries written by a big-time player into a standard, boring
C/R/U/D application.

Boring, as we’ve established, is very subjective. Just because I don’t
build frameworks or controls doesn’t mean my work is boring, or that I’m a
simpleton. I really enjoy web design–it has elements of database work
(especially optimization, which can be fun), graphic design, copywriting, server
and network administration, programming, etc. I get to use both creative
and analytical parts of my mind, more so than writing just “boring old
framework code”. I think it’s really exciting to launch a new website and
see a business grow, or see an established one enhanced. It’s fun working
with graphic designers, or even getting to do some yourself. Saying
“anyone in between is just gluing together libraries” totally misses what all
goes into other types of work. It’s a little disrespectful, and sells hort
the skills and talent a different type of work takes.

Likewise, integrating multimillion dollar ERP and WMS systems isn’t a real
programming challenge, but they can be intricate puzzles. The stakes are
high, and success makes businesses and people work better. That’s my kind
of challenge!

My Programming Mantra

I read a variety of technical blogs. Some are agile, some are
pragmatic, while others are iffy, lazy, angry or corporate. Most of them
have extensively documented approaches to programming, and zealots of each
approach engange in long blog battles over why they’re right and everybody
else is an idiot. I don’t really have a name for my approach, but my
entire programming philosophy can be boiled down to a single mantra:

I will not write a Daily
WTF

This is what I repeat to myself everytime I open Visual Studio or Enterprise
Manager (“Enterprise Damager” as my network buddy Brad calls it). I like
it because there’s no rational counterpoint. No matter how many specs I
have, nor how many meetings I’ve endured, in the end, it all comes down to my
mind and its control over 8-10 of my fingers (I’m not a very good typist, so
sometimes I only use 6 fingers).

VS 2005 Speaks the Truth

When you have VS 2005 generate a strongly-typed dataset for you, it also adds
some comments as to the date and time of generation, as well as who generated
the code. Here’s one line of these comments (you’ll find this at the top
of MyFile.Designer.vb):

‘    This code

was generated by a tool.

Sometimes, truer words were never spoken…

Stored Procedures Do Not Prevent SQL Injection

There’s another sproc-or-not battle royale going on over at
CodeBetter.com. Not going there, but one statement Eric
Wise made isn’t completely correct:

First, you can be sure that no sql injection attacks will ever
occur.

That’s part of a longer paragraph, but if I read the paragraph correctly, not
taken out of context.

For the most part, Eric is correct. But, if SQL statements are
generated dynamically in a stored procedure, and in-line parameter concatenation
is part of the statement, then you’re just as susceptible to SQL
Injection. For instance, code such as

IF @orderId IS NOT NULL
select @sql
= @sql + ‘ AND order_id=’ + @orderId

would be susceptible to SQL Injection. I have
seen code such as this used (including some by as reportedly high-level DBA),
and sadly written some myself.

There’s an excellent paper on the right and wrong
of dynamic SQL at http://www.sommarskog.se/dyn-search.html;
I have a summary blog post at http://aspadvice.com/blogs/rjdudley/archive/2005/06/30/2626.aspx.

ASP.NET Control Gallery: Moved, not Deleted

The Control
Gallery at ASP.NET still exists, it’s just not on the menu anymore. It
has been moved to the Resources
Page, along with Hosts, Community Sites and Case Studies. VWDE,
Starter Kits and The Sandbox are on the Downloads page.

Alex Lowe has a short explanation in this thread: http://forums.asp.net/thread/1294935.aspx

ASP Alliance Article: Getting Started with the Club Site Starter Kit

My latest ASP Alliance article has been
published, titled Getting Started with the
Club Site Starter Kit:

Since the release of ASP.NET 2.0, several starter
kits have been released as examples of programming practices. These kits are
also good starting points for actual websites and can be valuable to novice
webmasters. This article will demonstrate how to download and install the Club
Site Starter Kit, configure a different database to prepare for a production
site and change the appearance by modifying the master
page.

There is one correction to the article–Listing 4 is incorrect.
The MasterPage filename in Figure 20 should be “caddyshack.master”, and Listing
4 should then read:

<%@ Page Language=”VB” MasterPageFile=”~/caddyshack.master”
Title=”Untitled Page” %>

Find the full article at http://aspalliance.com/839.

Easily Create a Timestamped Filename in .NET

Eric says crazy filename parsing is something else you should stop doing. If you’re creating output files, you probably need to timestamp the file name to keep the files separate. Step away from the keyboard before you do anything crazy–you can do this in one line of VB.NET:

Dim _filename As String = String.Format(“MyFile.{0}.xml”, Now.ToString(“yyyyMMddHHmm”))

SQL Prompt Free until 9/1/2006!

At the last BADNUG meeting, someone mentioned
they wished there was Intellisense for SQL Server. I said there was such a
product; Red Gate recently purchased it, and is
now giving it away until Sep. 1, 2006!

Also included in the package is a 14-day trial of Red Gate’s Dependency
Tracker, which is a wickedly-cool database diagrammer.

More information and download link at http://www.red-gate.com/products/sql_prompt/index.htm.

Rant: Bad Linkers

(I apologize in advance for anyone I’m citing below. Your intentions
were good, but IMHO, your technique leaves soemthing to be desired.)

Almost as annoying as bad-question-askers-in-forums are the click-here
people. That was bad enough on web pages, but it’s gotten worse with the
explosion of blogging.

First example comes to us from John
Cilli’s Commerce Connect. John found an article that he’d like to
share:

Before I “click here”, I’d like to know what the article is about.
Maybe it’s something I already read this morning. Maybe it’s something he
thinks is useful, but not necessarily something Id find so. No
indication. John’s blog is reputable, but whatif this is a random
blog–could “here” be a trojan waiting to infect my system? And since my
Internet usage at work is monitored, I can’t just click willy-nilly.
Chances are I’ll forget when I get home, and any benefit from the article is
lost. The article title and maybe a snippet or short abstract would be
really great (see me pat myself on the back below for an example).

John
Papa brings us our next example, but it’s more of a “Where’s Waldo:
Hyperlink Edition” style of linking. Can you see the download link
below? It’s that little tiny one labelled “Attachment(s)”, below the
Google ads and Published information. This isn’t so much John’s fault as
it is the skin designer’s. Unless John designed the skin.

So who does links well? Mike
Gunderloy does a good job, with a title and short description. Scott Hanselman as well. I think
I do article links prett well; see http://www.rjdudley.com/blog/First+Ultra+Mobile+PC+Comes+To+US.aspx for
an example.

I’m sure ~~both~~ everyone of you reading this article has seen
more than enough examples. Share some below. But don’t be a bad
linker; not in the comments, nor in your posts.

Jesse
Ezell adds one to the list. Hey Jesse, what is ‘this’?