Wednesday, May 10
by Dan LeClair, Patrice Paré
La validation des données en profondeur (Thoroughly Data Validation)
by Patrice Paré
This is the second day of the DevTeach Conference. Ho god! What a day we had yesterday. And today’s schedule
sounds as busy as yesterday. I started my second day by attending Nicole’s session. Nicole Calinoiu has over
ten years of experience in the design and developer of data-driven applications, including over five years
working on publicly available web applications. She is a Microsoft developer security MVP. Her session was on
The information technologies rely on two things basically: data and processing logic. The data process is treating
input data and outputting them in an understandable manner for users. But the treatment becomes irrelevant when the
data are invalid. Moreover, invalid data may cause software to crash and ends the user experience.
To start with, what is Data? Data are every piece of information unknown by the program at compilation time. It may be
operating system data, configuration files, data files or input from the GUI. No data validation may increase time
debugging and development cost. Also, it may decrease performance. Nicole pointed out programmers would save time
and efforts with validation. Data validation will reduce significantly the number of bugs. It will also improve
security and data quality.
There are two ways to do data validation: the hard way and the soft way. The hard validation means you apply strict
rules before accepting data. The soft one requires the user confirmation for unusual data. Nicole gave an excellent
example to illustrate this with the date of birth. Hard validation would allow anything where the user’s age is
between 0 and 130 years old. Soft validation would prompt the user to confirm that he really is his age if he
provided something between 90 and 130 years old.
The speaker put some emphasis on four data types that should required more attention. The string type, numbers, enums,
and XML data type are often used. Strings should be tested against their length value. Numbers should be parsed using
their TryParse method. Enums should be tested with the IsDefined method and the data should be processed through a
switch/select case routine. Finally, XML should be tested against a schema. That was the most important part in that
part of the session. The schema should be an embedded resource. This way, the schema is known at the compilation time
thus it would not be considered as a configuration file.
When validation should be done? Anytime data crosses boundary level. Those boundary levels are application, machine,
assembly, class, and member. For more details and to get the Nicole’s bibliography, you are invited to download her
files on devteach.com.
SSIS Tips, Tricks and Gotchas
by Dan LeClair
This session was totally worth going to, at least for me. Having worked with SSIS
for the last several months,
I realized after sitting through Kirk’s presentation that there is quite a bit more to the product than what I
have had a chance to use.
The session was a collection of tips, tricks, and “gotchas” regarding SSIS, as well as some interesting demos.
Kirk started with a discussion of configurations in SSIS, which provide a way to set up the environment
(such as pathing) for a package before it actually runs. There is a configuration wizard that can assist in
setting these up.
Configurations and expressions are the way you build packages that are easily deployable, and Kirk stressed that
you should understand them before you start building packages!
One tip I can immediately use: SSIS packages with many connections can easily take minutes to open, as the
environment tests each one. The SSIS environment has two ways to deal with this, one being a “work offline”
setting at the global level. The other is setting the timeout on individual connection objects from the default
Among the many demos shown was one that emailed the SSIS execution log on package completion. This could be
really useful in situations where packages fail.
Here’s a tip for anyone that may be responsible for lots of SSIS package development: use template packages.
These help ensure consistency across packages, as well as increasing object reuse.
There was just so much in this session, I could easily spend a lot of bytes telling you all about it. Kirk has
a new book coming out in July regarding SSIS, and you can be sure it is on my list of things to order soon.
Programmation Ajax avec ASP.NET (Ajax Programming with ASP.NET)
by Patrice Paré
L’avenir du web, quel est-il? Sortez votre boule de cristal, votre jeu de tarot ou consulter les étoiles parce que
l’avenir du web, bien qu’assuré, peut prendre des tangentes imprévues. Certaines choses cependant doivent évoluer
à la fois inutiles et nécessaires, vers le serveur. Il semblerait que ces inconvénients soient sur le point de
disparaître. Effectivement, avec Ajax, ces maux de têtes pourraient se transformer en un doux orgasme pour les
développeurs web. De plus, selon certaines rumeurs, Microsoft aurait dans sa manche prochainement un engin pour
What are the perspectives for the web? Take out your crystal ball, your tarot cards or read the constellation of
Venus because, while the web healthiness seems pretty good, what curve will the web take is still unpredictable.
would it be a luxury to eliminate post backs that are useless yet necessary at the same time. Post back should
only happen when something visually noticeable on the form happens. Changes in data are not among them. This is
Dominic explained how classic HTTP request works and he compared it against the Ajax engine.
The Ajax engine interacts between the client’s browser and the web server. On the way back, the
signal is sent in XML format from the web server to the Ajax engine. The Ajax engine converts it into HTML/CSS
data so the browser can interpret it.
This technology is available in ASP.NET 2.0. ASP.NET 2.0 implements the basics so you don’t have to care about
different browser compatibility. It is also easy to use and is ready for Atlas. You probably wondering if some
guys have started working with Ajax. In our session, an attendee claimed he started working with it and deployed
a solution involving Ajax. But other people around the world think Ajax worth investing time. Frameworks are
available; webcontrols using Ajax are also available.
So a bunch of tools and environment is now ready for you. I recommend you to download the Zip and have a look on
how Dominic manipulates Ajax.
SQL Server 2005 Security Enhancements
by Dan LeClair
Randy made it clear from the get-go that he was only going to touch the highlights of security changes in SQL 2005.
His agenda was pretty aggressive, as he wanted to cover security design principals, the new security model in 2005,
user-schema separation, managing permissions, catalog security, and more.
The session was very informal, and a little scattered; Randy jumped around from subject to subject, and ended up
skipping some portions because he ran out of time. However, there was a lot of good information presented, not only
by the speaker, but in response to attendee questions. Randy had a good report with the audience, and everyone there
seemed to appreciate what he was presenting.
As an example, he spent some minutes discussing user-schema separation. In previous versions of SQL Server, most
objects ended up being assigned to the DBO user, to prevent broken ownership chains when object owners left an
organization. SQL 2005 introduced schemas to database construction, and changed the security model to assign
ownership to schemas (as well as users). In fact, you don’t have to have a user to create a schema. If the
ownership is granted to the schema instead of a user, you won’t have maintenance issues and/or broken ownership
chains when users are removed.
As I mentioned, there was a lot of information presented in this session, and even though some of it was rushed over,
it gave me enough to answer a couple of my own questions, as well as want to continue research later on.
Introduction to Developing for the Pocket PC
by Patrice Paré
Pocket PC, PDA, BlackBerry, PalmPilot… those new toys on the market are marvelous things, aren’t they? And you can
develop your own application for your latest acquisition. With the .NET 2.0, it is a piece of cake, I must admit,
after I saw Dan’s Session. First, Dan showed us some unknown areas of
Visual Studio .NET 2.0. I mean, I did not know I could start programming for Pocket PC or smart phone right away.
Every tool, mostly, are already there. The two missing things you absolutely want to download are Windows Mobile
5.0 SDK or SmartPhone SDK, which was made available only after the launch of .NET 2.0 and the ActiveSync 4.1 which
is a tool to get your Pocket PC synchronized with your server. Also, you may want to have the closest Pocket PC
emulator as you can by looking on your Pocket PC manufacturer web site or on third party web site.
The challenges for Pocket PC developers are well identified. You have to keep in mind two things that have come
obsolete for 15 years, memory and battery lifetime. Gee! Memory! The ratio Mb/$ has come so ridiculously low that
nobody cares about it now. You need more memory than highly efficient programs. A quick look on internet and you
could find a flash memory of 2 GB for $35. Another thing developers should keep in mind is the possibility for the
user to switch for the portrait mode to the landscape mode. Avoiding this pitfall from the user’s point of view
should win his attention.
The wide range of Pocket PC devices, their unique interface, and their connectivity type provide a rich solution
environment for developers.
Dan has one tip for everyone. Closing an application on a Pocket PC does not really close it. It merely sends the
program running in the background. You can try this out. Create a form with a combo box containing few elements.
Run the program in debug mode. Select an item, say the third one. Click on the closing icon. Have you remark that
your VS is still running in debug mode? Ok. Now, go the running programs panel and open it. You will see your program
running. Open it now. What do you see? Right! The third item of your combo box is still selected.
Thanks for that information, Dan!
Introduction to Analysis Services 2005
by Dan LeClair
This session wasn't exactly what I was expecting. Although I've done some experimentation with Analysis Services,
I was hoping for a good overview of the business intelligence features of SQL 2005. Unfortunately, Tamer’s session
was a little more basic than that.
The first half of the session was more of an introduction to BI and the history of Analysis Services. Relational
DB’s are really two-dimensional, and can’t handle the analysis requirements of multidimensional reporting. Tamer
spent some time discussing the Microsoft vision for BI, the tools required for effective BI, and what MS was trying
to accomplish with the new features of Analysis Services.
It wasn’t until much later in the session that he began to describe and demonstrate the Unified Dimensional Model
(UDM), the core of Analysis Services. He went into some of the mission critical features of UDM (availability,
serviceability, manageability), as well as some of the advanced analytics and other features of Analysis Services.
Unfortunately, I think he lost some of his audience by then. Of course, the free beer offered in-between sessions
today probably didn’t help…
While I think there was some good information presented, both in the session and in the materials, it would have
been much more interesting – to me, anyway – if he had skipped what sounded like a Microsoft sales pitch and gone
straight into the why’s and wherefore’s of Analysis Services.
Vendor Spotlight: Dynacom
by Patrice Paré
This afternoon I went to see two commercial booth. The first I went to was Dynacom. Dynacom is business offering a
complete accounting solution that gives to the users all flexibility needed to adapt the Dynacom software to their
needs. When a business buys a license it could customize its software using the Dynacom IDE. The salesmen gave a
demo and I could see that visually, Dynacom interface is pretty and reproduces the graphic environment of Windows XP.
Also, something else interesting was that the software was developed using .Net. There was 4 things that struck me.
First, you can adapt the software to meet your object data model. Next, the bug tracking module got my full attention.
Third, it was the security feature throughout the software that uses Active Directory to allow users to get and use
different user interfaces. Finally, developers can join the Dynacom community to develop plug-ins on a personal or
professional behalf. License cost ranges from free to 50000$.
Thursday, May 11
by Dan LeClair, Patrice Paré
Trucs et Astuces : Améliorer votre productivité (Tips and Tricks : Improve your productivity)
by Patrice Paré
Luc was straightforward right at the beginning of the session. People who don’t care about or don’t like VB (he was talking to
the C# programmers) were invited to leave the room anytime during the session; he would not take offence out of it. After the
doors closed behind the leavers, Luc tips and tricks were good. I have been working with VS 2005 for some times and there were
things I wonder about and other that made my twitch.
When I write my code comments, I would like to add a block of comments automatically with specific comments to put in. This is
possible. Type three commas at the beginning of your method and hit [ENTER]. The comments magically appear. They do not fit your
enterprise comment policy? You can fix that. You have to edit the VBXMLDOC.xml document. After you are done, you can save it
into two directories only. The one containing the original one is a good place, but the best place to save your XML file is
in /application data/Microsoft/Visual Studio/8.0. The technology behind it is snippet. Another snippet I like was to qickly
add a property in your class. You type the keyword property and then hit [TAB]. Visual Studio magic does the rest. Like the
other feature, you can edit it to fit your variable/property naming convention and policy.
There is one more thing I would like to talk about. Luc presented an add-in that was totally cool! It is Refactor from DevExpress.
There is a trial version available to download and a full licence version cost 100$. In the trial version, you have access to a
dozen of functionality but the full licence edition has more than 900 features. Luc presented two features I believe will improve
everyone’s productivity. The first one has the possibility to invert parameters in a method signature. Using the arrows on the
keyboard, you can move forward or backward the parameter. When you are done, the Refactor brings you everywhere in your code to
ask you if you want to apply the changes when you call that method. Of course, you can apply the modification to all if desired.
Another feature I like and would use is the capability to extract a block of code from a method and create a new method with it.
The Refactor creates a method with the right number of parameters. I think this is a very cool feature for quick code refactoring.
The visualizer in debug mode is not very explicit when it comes to objects containing other objects. You can create you own
visualizer that will show object members.
For more details, you can watch a similar demo presented at the 2005 PDC on this web site:
As for the Refactor tool, you can have more details at: http://www.devexpress.com
The Query Governor – SQL CLR In Action!
by Dan LeClair
Going to this session was such a snap decision for me that I didn't bring my laptop. And, since my handwriting has gotten so
poor after so many years of using a keyboard, my notes on this session are, well, a mess. But this was easily one of the
coolest demos I've seen in a long time.
The premise behind Richard's session was this: how to create a tool that would either allow or deny query execution, based on
the conditions of the server, the expected execution plan, and the size of the expected result set. Although there is a
query governor native to SQL 2005, it doesn't quite fit the bill. SET QUERY_GOVERNOR_COST_LIMIT x sets the upper limit of a
query's execution time in seconds, but is simply a barrier to execution, nothing more. In addition, it only really works if you
actually try to execute the query.
Richard's solution was much more elegant, in that it takes advantage of a new feature of SQL 2005 to help make a more informed
decision. SQL will now return query plans in XML format, allowing you to estimate cost of execution. This, coupled with code in the
CLR, allows both estimated cost AND counters available through the Windows PERFMON utility to be measured. Results can be returned
back to the query or stored procedure that is about to be run, which can then either execute or return an error message if
execution would be too costly.
So much cool information was presented in this session that I couldn't write fast enough to keep up. I'm going to definitely
take apart the sample provided when I get home!
Adopting Visual Studio Team System
by Patrice Paré
I attended this presentation mainly because my employer is thinking about moving in Team System. I heard a lot of it but I do
not really know the beast. Talking about Team System as a beast is not a euphemism. The product presentation leaded me to
think this is a very heavy framework that requires a machine with a lot of resources and, if your business has many developers,
architects and project managers, it could require two machines to run it properly. Also, while the speaker ending words were
still echoing in my head, I thought that the learning curve was abrupt.
The speaker spent a lot of time explaining what Team System is. Team System (TS) targets software enterprises, whether the
enterprise is a consultant or a multinational. If your organization has a well structured hierarchy, then TS will suit you
better because it embraces all roles (developer, architect, tester and DBA).
You must absolutely evaluate your development process before tending your credit card to the salesclerk. Etienne repeated
several times throughout his presentation that the TS would not answer everyone needs. I got the feeling this investment
will be time-consuming if the proof of concept is not done. Etienne said it could eventually lead developers to reject TS
because it is not a viable solution.
Champagne to everyone, TS is coming! You make your mind and TS Foundation (TSF) is the best choice for you. Congratulation!
Let’s open the box and see what’s in it. Aside TSF and SQL server 2005, you get predictability with report and metric features.
You also get something to build the future on. But what do you need? You will need a solid server running Windows 2003 SP1,
SharePoint 2.0 SP2, Visual Studio 2005 and Office 2003 SP2.
If my employer asks me my opinion on buying Team System, I will have to say that I have not been convinced Team System is the
right choice for us at this point. It just seems too big for our 15 employee business.
Writing .NET Code in SQL Server 2005
by Dan LeClair
One of the most intriguing changes for SQL 2005 is the ability to use .Net code instead of T-SQL. Peter presented a lot of
information in this session on how to do it, as well as important information on when to do it. CLR integration is supported
for all coded objects: stored procedures, user-defined functions, and triggers. In addition, there are two types of new
objects where CLR is the only answer: user-defined aggregates and user-defined types (not to be confused with user-defined
Peter spent a portion of the session going over some of the basics regarding CLR assemblies in SQL. This included a discussion
regarding security levels (safe, external-access, and unsafe), where assemblies reside in SQL, how they are injected into a
database, and do forth. Two important points stand out. One is that while a lot of the CLR namespaces and functionality is
supported, some portions (notably any visible functionality) are disabled. The second is that it is possible to create unsafe
assemblies via CLR.
The meat of the session, though, was directed at examining sample assemblies. Peter walked through examples of all five types
of CLR objects that can be created, including his favorite, the user-defined type. Of all the examples presented, this one
illustrated (to me, at least) the power of using CLR, as he had created a UDT for a date – not datetime – datatype, capable
of supporting a date range from 01 Jan 0000 through 31 Dec 9999.
Following this sample was a rather frank discussion of the pros and cons of using CLR instead of T-SQL. Basically, it boils
down to this: T-SQL should still be the language of choice for most data-handling operations, as calls to CLR assemblies do
carry a performance penalty. However, some things are just better done with the CLR.
SQL Querying Tips and Techniques
by Patrice Paré
Tips and Techniques for better and more efficient SQL queries are things I definitely need. Querying is something you do
everyday. So the better you do it, bigger gets the pay check as Richard humorously pointed out. The crowded room felt it
needed some advices on that particular matter and Richard was to please them with a series of SQL queries.
Richard started his presentation with subqueries. His examples showed numerous situation where subquerying is involved.
He made a good example with ranking. He use two methods to illustrate ranking and he pointed out a limitation of a method.
The result returned values ranking from 1 to 6 with a tied at the second place. Instead of reading
1 – 2 – 2 – 4…, the result was 1 –3 – 3 – 4... His second method corrected this glitch. Richard mentioned in his session
limitations about using cursors and he suggested to use CTE as the most effective way to do recursivity. His example
used an option OPTION (MAXRERCUSION = 2) (for instance) where the process would dig a maximum of two time in recursivity.
If the exiting condition is not met yet, but the process went through the recursive method two times, it will exit anyway.
His presentation also included crosstab and pivot, whether they are dynamic (a situation where you don’t know the number
of columns) or static (you know the number of columns). To conclude this fast time going session, Richard entertained
his audience with error handling. You can insert a Try catch SQL block:
Put some SQL here..
Put some SQL here..