Posted on

Herding Code 77: Eric Hexter on MvcConf, C4MVC, and MvcContrib

This week on Herding Code, Jon, Kevin and Scott K discuss MvcConf, C4MVC and MvcContrib with, open source and community extraordinaire, Eric Hexter. 

  • Eric talks about his role as consultant and Director of Open Source at Headspring.
  • The guys walk through Hexter’s impressive resume.   Eric is the co-founder of MVCContrib, he established the Community for MVC (C4MVC) virtual user group and is currently coordinating MvcConf, the Virtual ASP.NET MVC Conference scheduled for July.  No wonder the most popular listener question for this week was “How is Hexter so awesome?”
  • Eric takes us through the general theme of MvcConf  – “interactive” presentations around extensibility, testability and building maintainable, high-volume, enterprise applications with a focus on best practices like database migrations. 
  • Eric issues a call for speakers. Who’s interested?
  • Jon asks about Portable Areas in MvcContrib and Eric digs into the embedded view engine and synchronous message bus.
  • Kevin asks a question.
  • The guys talk about Input Builders, Dynamic Scaffolding and Fluent Html Helpers.  Jon also asks about MvcContrib Grid’s popularity.
  • Scott K asks about extending ASP.NET MVC, “Are you fighting with the framework or at least fighting with the C# language?”  Have you gotten the feeling that Scott likes a good fight?  Scott considers how and why various frameworks are developed and Eric praises ASP.NET MVC for having all of the the right extension points in place. These leads to a group discussion about the ASP.NET MVC team releasing source drops and not working in a bubble.
  • Eric and Jon talk about the MVCContrib TestHelpers and the importance of testing routes.  Hexter tells us about the UI Test Helpers built around WatiN and the benefit of strongly type views. Jon oohs and ahhs.
  • Kevin asks another question.
  • Scott K comments on SubControllers.  Eric tell us if SubControllers smell and shares the general argument against RenderAction.
  • Jon talks about model validation via data annotations and how one might test.  Eric shares some of the patterns they have established (strongly-typed views, 1:1 mapping between view and viewmodel) and how he uses data annotations for data type validation and how complex validation is handled via a command processor’s rules engine.
  • The show wraps with Eric singing about a few of his favorite things – continuous integration and testing. He pimps the early access edition of ASP.NET MVC2 in Action and Tarantino Database Migrations and announces that the Virtual ALT.Net folks and he will be open sourcing their video recording management scripts.
  • Final question, “How does Eric get so much done?”  “Automate, automate, automate!”  Of course!

Show Links:

Show notes compiled by Ben Griswold. Thanks!

Download / Listen:

Herding Code 77: Eric Hexter on MvcConf, C4MVC, and MvcContrib

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0077-Eric-Hexter-on-MvcConf-C4MVC-and-MvcContrib.mp3]
Posted on

Herding Code 76: John Sheehan on RestSharp

This week on Herding Code, John Sheehan joins the cast for a conversation about his open source project, RestSharp. The gang dives into REST and .NET open source. Makes sense, right? And the show wraps with talk of OData and a MIX10-inspired Lightning Round.

  • John talks about his exciting new evangelist job at Twilio. Twillo provides a web-service API for businesses to build scalable, reliable communication apps. Wait! The evangelist is going to tell you all about it.
  • The guys quiz John about RestSharp. John talks about what RestSharp has to offer and the direction of the project. 
  • The gangs talk about the oddities of .NET open source project development – forking, closing source, project naming, boredom and a plea for project takeover.
  • Jon leads the group into dangerous territory and forces an OData discussion. Is OData good? Is it REST?  Hear what the guys have to say. 
  • K Scott dazzles us with a power-packed Lightning Round.  Don’t step away for a second or you’ll miss it!  Just like lightning.
  • John kicks off our first Official Pimp Your Stuff segment talking about ManagedAssembly – a community for .NET developers which is poised to be taken over.  Just ask.  Please.

Show Links:

Show notes compiled by Ben Griswold. Thanks!

Download / Listen:

Herding Code 76: John Sheehan on RestSharp

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0076-John-Sheehan-on-RestSharp.mp3]
Posted on

Herding Code 75: Barry Dorrans on Developer Security

This week on Herding Code, Barry Dorrans educates, entertains, insults and scares us with his expert commentary on application security, threat modeling, analysis tools and common attacks.  You’ve been waiting for this show.  I just know it.  Listen in as Barry talks security, pimps his new book, and comments on his new position at Microsoft, book burnings, guns, money, proper pronunciation and Jon’s bald head.

  • Scott K shares that public facing applications and services seem to get the least attention when it comes to security – until there’s an audit. Barry talks about the lack of security education and how training should be baked in from the ground up.
  • Jon notes that folks don’t start off projects thinking about security.  First you code and then you worry about the risk.  Barry speaks to the Security Development Lifecycle (SDL) and continuous threat modeling.
  • Scott K asks if there is a security checklist which developers should consult when developing a web application.  Barry references his book, OWASP, CDE and Miter.  Barry states that can’t think like a hacker but you can think about the risks and “what happens if this goes wrong” or “I leak this information” or “there is a cross site scripting attack.”
  • Jon notes there are some security measures which are baked into the .NET Framework.  Barry talks about a defense in depth strategy and the Web Protection Library (WPL.)
  • Barry dives into a few of the security and code analysis tools like CAT.NET and FxCop which are available for Visual Studio.  But how, by the way, no tool offers a silver bullet.
  • Scott K asks where emphasis should be placed when implementing security measures.  Barry responds by putting his security hat on and assuming that all users are scum.  Trust no one!
  • The guys get into encoding rules (when and where), XSS, SQL Injection and Cross-site request forgery.  Jon asks more about the measures built into ASP.NET Webforms and ASP.NET MVC which help prevent attacks.
  • Kevin asks a question about automatic encoding by the framework.  Barry states this is a tricky solution to implement and suggests that frameworks should provide tools but developers should handle the encoding manually. Jon notes the new syntax in MVC 2 which facilitates this approach.
  • Jon asks about testing frameworks and asks Barry for a checklist of steps which developers must complete if they wish to secure their applications.  Barry rattles off a bunch of must-dos actions, pimps his book and pokes fun at American money.
  • The guys talk about RIA, Silverlight and Flash and briefly touch upon security benefits and issues.  And then they discuss social engineering security/privacy issues.
  • Scott K moves away from web applications and services.  What about client applications?  Barry talks about trusted sources, and the .NET and Java sandboxes.  And the guys speak of OS sandboxes and vitualizing applications and Code Access Security (CAS.)
  • Barry talks about FoxPro thanks to a Twitter question from @jglazano and the show finishes up with talk about blue and black hats, security snake oil and scary security stories.  But wait!  Jon remembers he wanted to talk about OpenId and the show continues with a discussion about OpenId, CardSpace and OAuth and OAuth WRAP.

Show Links:

Show notes compiled by Ben Griswold. Thanks!

Download / Listen:

Herding Code 75: Barry Dorrans on Developer Security

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0075-Barry-Dorrans-on-Developer-Security.mp3]
Posted on

Herding Code 74: Javier Lozano on MVC Turbine and Composed Applications

This week on Herding Code, K Scott leads a conversation with ASP.NET Insider and MVP, Javier Lozano, about his open source project, MVC Turbine, and extensibility and composition with ASP.NET MVC.

  • Javier provides a twitter-like overview of his open source project: “MVC Turbine helps you build modular applications on top of ASP.NET MVC and that’s pretty much it.”
  • K Scott asks about the advantages of using MVC Turbine to add features to your applications. Javier talks about MVC’s extension points, controller factories, view engines, and “the blade.”
  • The guys talk about MVC Turbine’s support for multiple IoC containers and whether or not MVC Turbine is merely “IoC for IoC.”  Javier speaks of his design approach and the need to register components on the fly.
  • K Scott notes that though ASP.NET MVC has many extensibility points it may not have been built with IoC in mind. Javier talks about the pros and cons of this and how it factored into his design.
  • Scott K asks if there are any features Javier would like to implement into his project which he hasn’t been able to address because of limitations with the MVC framework.  
  • K Scott asks about Action Filters and Inferred Actions. Javier explains.  Jon comments on Inferred Actions’ awesomeness and how they really reduce your controller code.
  • Scott K asks about Inferred Actions and strongly typed views. Javier talks about how the current implementation effectively serves up static pages without a model but the ideal implementation (which is doable) would provide an inferred models and more. 
  • Scott K talks about defaulting return types.  For example, if request doesn’t include the mime type then default to Json.
  • The guys talk about general extensibility in ASP.NET MVC and how various open source applications are addressing concerns.
  • K Scott gets back on topic and asks Javier to dig deeper into filters.
  • Jon and Javier talk about MEF and how it might play a roll in MVC Turbine. Bingo!
  • K Scott notes that MVC Turbine is hosted on Codeplex and asks how it’s going?  Javier notes the source code is now hosted at GitHub, and Jon asks if recent Codeplex support for Mercurial might lure Javier back to Codeplex. The guys talk/joke about version control systems.
  • The guys talk Visual Studio 2010 versions and games of yesterday.
  • Javier turns the tables and asks the guys about their thoughts on compositions in general.  Scott K has thoughts – it’s painful. Jon states that MVC Turbine is doing it and you can use Attributes so what’s missing in the .NET framework that makes composition so painful.
  • Javier talks of folks interest in contributing to his framework, producing documentation and video, and what’s next for MVC Turbine. 
  • Jon asks if MVC 2 provides features (validation or templating, for example) which may be leveraged in MVC Turbine.
  • Lightening round! Have you used Google Buzz?  What’s the funniest comment thread you have ever read?

Show Links:

 

Show notes compiled by Ben Griswold. Thanks!

Download / Listen:

Herding Code 74: Javier Lozano on MVC Turbine and Composed Applications

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0074-Javier-Lozano-on-MVC-Turbine-and-Composed-Applications.mp3]
Posted on

Herding Code 73: Daniel Plaisted on Model-Based Testing in Action on the MEF Team

This week on Herding Code, Jon leads a discussion with Daniel Plaisted about Model-Based Testing and the progressive practices of the MEF team.

  • Daniel speaks of the primary development roles at Microsoft and how the MEF team addresses testing concerns. Guess what.  Developers write tests, too.
  • Daniel talks about Model-Based Testing and validation of transitions and states.
  • Scott K is reminded of a presentation he attended at Northwest Python Day which spoke of protocol and framework testing.
  • Daniel shares the need of trim test cases to manageable sets which will still ensure adequate coverage.
  • Jon asks about mapping out the endless states that may be found when testing MEF. 
  • Jon asks about test frequency. Are tests run on each check-in?  Are they scheduled?
  • The guys address the difference test types – unit, functional, performance and stress tests.
  • Kevin asks about coordination of developer and tester efforts.  Who produces which tests and where is each group’s focus?
  • Daniel explains Exploratory Testing
  • Scott K asks about Heisenbugs and how closely testers work with developers to resolve hard-to-reproduce defects.
  • Jon asks if the MEF testers use any debug/test tools which are built into Visual Studio.
  • Kevin asks if any special considerations must be made when QAing an open source project. 
  • Daniel explains how model-based testing works well for verifying cache states.
  • Scott K asks about test environment setups and how deep the MEF testers need to dive into the bugs in order to adequately report on them.
  • Jon asks Daniel to share tips to help developers improve their own unit tests and improve broader testing.
  • Daniel talks about MEF’s beginnings. It’s not an IoC container.  Oh wait. It is.
  • What type of tester are you?  The guys speak of a recent Google Tester Blog post on tester types.
  • Kevin ask if the progressive approach which MEF takes is gaining traction throughout Microsoft.
  • Jon asks how Daniel became a tester, a Microsoft MEF tester.
  • Kevin asks how much collaborating occurs between the various testing teams at Microsoft.
  • Daniel briefly talks about Synchronization Coverage.

Note: The audio’s a little rougher than usual this week. Sorry about that.

Show Links:

Show notes compiled by Ben Griswold. Thanks!

Download / Listen:

Herding Code 73: Daniel Plaisted on Model-Based Testing in Action on the MEF Team

[audio://herdingcode.com/wp-content/uploads/HerdingCode-0073-Daniel-Plaisted-on-Model-Based-Testing-in-Action-on-the-MEF-Team.mp3]