Talk on Tues: Moving to HTTPS

I'll be giving a talk at Sydney ALT.NET on Tues:

After recently moving the Getup site fully to HTTPS, James will share with you security pitfalls, the justification for the move from mixed HTTP/HTTPS, lessons learnt, and performance tips. A romp through the protocols of the web with riffs on status codes, HSTS, domain verification, and interesting headers. This talk could save your bacon.

From 6pm at ThoughtWorks Sydney office on Pitt St. Remember to RSVP on the Sydney ALT.NET site to help with catering. See you there!

28 07 2013

nRake Microsoft Case Study

nRake is now the subject of a Microsoft case study. Check it out here:

UPDATE: Now on the Microsoft Case Study site.

27 11 2010

Ruby 1.8 Scoping and Blocks

Quick ruby quiz.. after these two lines execute, what is the value of number?

>> number = 5
>> (1..10).each {|number| print number}

Well, number will be 10, thanks to the block being run and re-assigning the value of number. This can cause you some pretty subtle bugs if you happen to have the same name for a local/function argument, and as a variable name in a block.

In C#, the compiler is kind enough to tell you that this would be a very bad idea and give you an error.

And thanks to Sudhinda for commenting - this has been fixed in Ruby 1.9. In 1.9, the variable used as the argument in the block does not affect the variable outside the block.

23 10 2010

Azure Build and Deploy using Powershell

Started working with Windows Azure? Want to have automated build and deploy, rather than clicking around in a web console or Visual Studio?

Check out the AzureBuildDeploy repository on GitHub.

I set this up for an Azure proof of concept project. It contains Powershell scripts for simple automated packaging, build and deploy, and a dummy WCF application for deployment to the cloud. The WCF application can however be easily replaced with a web application or what ever other .NET application you would like to host in the cloud.

How to use

  • Clone or download the source from http://github.com/jcrisp/AzureBuildDeploy
  • Update the $serviceName at the top of build-package-deploy.ps1
  • Update the certificate details, and subscription id at the top of deploy.ps1
  • If you plan to use SqlAzure (as in my proof of concept), update the connection details in HelloWorldService.svc.cs. If you don't plan to use SqlAzure, just stub out the whole FindFirstGreetingUsingSqlAzure() method by returning a string.
  • Test out deployment to the cloud (run build-package-deploy.ps1). You can ensure it is working using the sample client in the repository.
  • Now you've got everything working, replace the dummy WCF application with whatever you want.

Notes
In my experience, the deployment of a simple application via these scripts, Visual Studio or the console takes about 16 minutes, from start of deploy to the service able to accept clients. This is extremely slow - I hope it improves!

15 08 2010

ACS Alm Talk: Presentation Wrap Up & Slides

Thanks everyone who came along last night. It was a fun session, with a lot of lively discussion, especially around project management and software design. As mentioned during the talk, you might want to check out nRake for .NET builds and psDeploy for Powershell deployments. Here are the slides from the talk. If you have any more questions or areas to discuss, please feel free to drop me a line.

3 06 2010

ACS Talk: The Ultimate ALM Environment (circa 2010)

I'll be giving a presentation at an Australian Computer Society Special Interest Group on Wed 2 June, 6:30pm. More details here.

The abstract is:

Application Lifecycle Management (ALM) covers the whole software development lifecycle and associated processes including project management, business analysis, testing, build and deploy and development. Based on experiences in the field on projects with ThoughtWorks and consulting with other teams, I will describe what I consider to be the ultimate ALM environment, using an agile approach and techniques. This talk will cover goals, assessment criteria, practices, tools, and physical workspace design.

Hope to see you there!

31 05 2010

nRake now on IronRuby

nRake, the premier project and build template for .NET projects using the Rake build system now has a branch for .NET4 using IronRuby. Projects are also updated to VS2010 format, and Albacore gems are now updated to 0.1.5.

Check out the IronRuby .NET 4 branch of nRake.

or the check out the IronRuby .NET 2 / 3.5 branch of nRake.

Master branch is still using MRI ruby 1.9. However, plans are to change over to IronRuby for master branch in the future. IronRuby is now performing well enough and sufficiently compatible to support .NET builds. IronRuby has advantages around size (smaller download) and more exciting interop possibilities with .NET code.

25 05 2010

Podcast from ALM Conference

At the ALM Conference, Richard interviewed me for a podcast on the Ultimate ALM Environment circa 2010 as well as a little on build and deployment automation. Check out the podcast on Talking Shop!

27 04 2010

Australian ALM Conference, and slides from ‘The Ultimate ALM Environment circa 2010’

The inaugural Australian ALM Conference has been an interesting 2 days. The first day had a number of insightful talks, especially interesting to hear Sam Guckenheimer on how Microsoft has been reshaping their internal development practices into a more agile model. Today, I enjoyed Richard's agile adoption talk (hear hear!) and the other highlight was the last presentation of the day, explaining what's gone into the design of the new Windows 7 Mobile OS (though some things still seem under wraps). Also a pleasure to catch up with some old friends at the conference.

Conference organisation was very good (thanks to Anthony Borton and his team). The focus was very Microsoft centric, but next year, the plans are for a much wider variety of content. Lunar Park was a cosy conference venue and fun to go outside during the breaks and see kids screaming on rides and the sun shining on the bridge and harbour.

My presentation was 8.30am this morning (aargh!) but despite the early hour, there was a reasonable turn out and quite a few interested people asking questions. The plan was to co-present with Jason Yip, but he was called away to Perth so I presented solo. Unlike most other presentations at the conference, Visual Studio and TFS were barely mentioned. Instead I focused on current problems in each area of ALM, coming up with a criteria to assess this area, and what we usually do on projects to meet this criteria - eg, story walls, story maps, automated build and deploy etc. You can find the Powerpoint slides here. The slides are promises for a conversation (ie, mainly images with some notes), so don't hesitate to contact me if you want to chat.

Also, thanks Richard for this photo from the presentation:

James Crisp presenting ‘The Ultimate ALM Environment circa 2010′

14 04 2010

nRake – Rake builds for .NET

Fed up with XML based builds that are hard to maintain, refactor and extend? Rather than trying to fix this with more xml and community tasks, or re-invent the wheel, let's use Rake. Rake is a mature build system developed by the ruby community which can be applied equally well in the .NET world.

To help you get started quickly, I've put together nRake. nRake provides a template C# .NET solution with a nice directory structure (src, tools, lib, etc), a Rake build, NUnit tests, templated app and web configs for different environments (eg, dev, uat, prod, etc) and Continuous Integration server sample config files. It comes with everything you need - no additional libraries or downloads required, and all the plumbing work has been done for you.

How to use

  • Git clone or Download nRake as a Zip
  • Rename PlaceHolder app and tests to reflect your project
  • Run rake in the root of the project. This will clean, compile, template config files and run unit tests.
  • Start developing your app! How easy was that 🙂
  • Note: nRake currently uses Ruby 1.9 since IronRuby start up time was prohibitively slow. Hopefully IronRuby will get faster, and then nRake can make use of it. Also nRake uses the Albacore Gem for .NET build tasks. Documentation on Albacore tasks here.

    Also check out the IronRuby update!

20 03 2010

Slides & Code: Securing your MVC site against Code Injection and X-Site Scripting

Here are the slides and code from yesterday's talk at Sydney ALT.NET.

See Steve Sanderson's post for the code/binary for subclassed aspx compiler and more information about the automatic encoding approach we covered in the talk.

26 08 2009

Windows / .NET Dev Tools

Recently I visited a .NET dev team to take a look at design, code and processes with a view to making recommendations to improve delivery speed. One of the more minor, but easily generalisable areas is around tooling. I often find that the little extra tools you pick up can make your work significantly more efficient. Here are a few free ones I use:

KDiff3
A brilliant merge tool that plugs nicely into TFS or SVN. SVN integration is automatic from the Kdiff3 installer. TFS integration is manual, but quite easy.

Console2
A tabbed console which works well with classic windows shell and powershell. Good support for resizing, copy paste, etc.

.NET Reflector
.NET decompiler for those dlls that don't have source. There is also a great plugin that lets you decompile entire assemblies to files on disk.

Fiddler
When you're debugging SOAP or RESTful web services, Fiddler is great. It lets you see the messages sent / received and even change and impersonate them.

QueryExpress
If you've got SQLExpress or just no tools installed, QueryExpress is a tiny (~100K) and quick query analyser style application for all breeds of MS SQLServer. Download in a few seconds, and be running queries before a minute is up.

Unlocker
Don't you hate it when Windows gets its locks in a mess and you can't delete/rename files? Unlocker will automatically pop up, show you which applications are holding file locks and let you release the locks.

Process Explorer
A more powerful and accurate Task Manager application which allows you to see file locks and many other types of information.

18 08 2009

Talk: Securing your MVC site against Code Injection and X-Site Scripting

I'll be giving a lightning talk on securing your ASP.NET MVC site against code injection and x-site scripting next Tuesday 25 August at the Sydney ALT.NET group. I'll be demonstrating potential pitfalls and dangers of arbitary code injection, and how you can protect against it, elegantly. We've got 6 interesting talks lined up for the night. See you there!

18 08 2009

Green & Red Local Builds (adding colour to the local build process)

build.JPGWell, who doesn't write tests and do continuous integration (CI) these days? Whether you use one of the many Cruise Control variants, or Team City or some other tool, you most likely get a handy colour coding of builds as either green or red (ie, good, or bad). But, you can take this a step further!

redbuild.JPGOften on .NET projects, we have a little batch file that we run before checking in (often with a pause at the end so it can be run from a shortcut), to confirm that no tests are broken locally. Well, it's not much fun peering at the ugly Nant output (or whatever build system you use). Instead, it is quite easy to add a couple of lines to your batch file and change the colour of the console to bright Red or bright Green depending on the success of the local build. It is great for telling what the result was at a glance. I can't claim credit the idea - it was something we used at EDI for our custom build system, but here's some batch file code I whipped up which I can claim is all mine, every last GOTO of it! Enjoy 🙂

The following code uses NAnt, but you can replace it with MsBuild or any other build tool that returns a status code.

@echo off

color 07

tools\\nant\\NAnt.exe -buildfile:mybuild.build %*

IF ERRORLEVEL 1 goto RedBuild
IF ERRORLEVEL 0 goto GreenBuild

:RedBuild
color 4F
goto TheEnd

:GreenBuild
color 2F

:TheEnd
pause

20 11 2008

Slides from ACS REST Talk

Thanks to everyone who came along to the REST talk at ACS tonight. Here are the slides. They are quite a big download (10mb) as a result of all the images. When you review them, you might want to turn on the "Notes" view as I've added some text to go along with the image based slides.

1 10 2008