Around 160 delegates turned out on a sunny warm English Saturday to attend the DeveloperDeveloperDeveloper day.  Judging by the comments on Channel 9 (great to see so many UK people using that site) it seems to have been a great success.  It was great to catch up with so many different people, such as Santosh Benjamin, Phil Winstanley, Ian Cooper, Mike Taulty, Jonathan Hodgson and many other blogless, but nevertheless interesting people.  Simon Harriyott moblogged the event and was kind enough to give me a lift back into Reading.  He also continued his analysis of Australian accents in IT ("data down under").

 

Although I enjoyed giving my talk 'Web Services in .NET 2.0: Solving Today's Problems' I made a fundamental mistake of staying up too late the night before the talk.  Filled with the pleasure of finally having Visual Studio 2005 installed on my laptop (Jon Rowett caught the bug as well), I got carried away crafting a flashy demo with streaming JPEG images (using IXmlSerializable) and databinding to the results of the webservice calls.  As a result I was 'dog tired' as Ian Smith noticed and didn't present as well as I would have liked.  Dave Oliver wasn't so sure of the value of using IXmlSerializable to stream a large file over web services.  Lesson learnt.  Next time I'll get a good night's sleep and focus on small, easy to understand demonstrations.

 

The highlight of the sessions for me was seeing Brian Long go through .NET debugging capabilities.  He obviously had a command of the topic, managed to demo the command line debuggers for an hour without a single typo and had a great dry sense of humour.  He's done a lot of talks with the Developers Group here in the UK, which came out of the Borland Developers Group.  I love the fact that the .NET community has benefited from so many people with Delphi experience. 

 

To finish, Jon Rowett has a good write-up of the day as does Dave Oliver and Richard says "All in all, a very worthwhile way to spend a Saturday - the kind of training day that usually would cost the best part of £1000 per participant. Something I’d definitely do again if the opportunity arose."

 

Thanks again to Craig Murphy for taking the lead in organising the event and Jonathan Hodgson for doing the website.

If you like a free day of training on Microsoft technologies presented directly by developers with experience using technologies then sign up for the DeveloperDeveloperDeveloper day that's being held on Saturday 14 May at Microsoft's Thames Valley Park campus.  Don't wait to sign up - we're 75% full already and based on similar events in the US we're likely to sell out completely.  Microsoft have graciously provided the venue and are handling the registration and logistics, but all of the speakers are independent community developers! The www.developerday.co.uk site has a full overview of the event, the agenda and sessions and the speakers involved.

There are three different tracks with 6 presentations in each.  Here are a sample of some the talks from developers I know that I'm looking forward to:

• Alex Homer and Dave Sussman will be talking on SQL 2005 and another secret topic
• Ian Cooper, who runs the London .NET User Group, on Patterns of Data Access in .NET (here are my notes from a previous version of this talk I heard)
• Phil Winstanley, ASP.NET MVP, will be talking about preparing for ASP.NET 2.0
• Craig Murphy, Jedi Scrum Master and XML Web Services MVP, on Managing Iterative Development with Scrum
• I'll be covering What's new with Web Services in .NET 2.0.

I'm also looking forward to hearing about custom attributes in .NET, refactoring, test driven development, debugging tips and writing custom FxCop rules.

As well as the presentations it's also a great chance to network with other .NET developers.  For instance, I know that Jamie Cansdale is likely to be there, so if you've got any questions/comments for him on his fantastic TestDriven.NET addin there's an opportunity.

A big thanks to Mike Ormond and his team (Mike Pelton who first posted about the event) for providing the venue and logistics support.

 

On my recent trip to the US I picked up an iPod Shuffle.  Overall I'm lovin' it for a number of reasons:

• I like the price (US$99).  I went to the Apple Store in Bellevue and was impressed that they seemed to have an iPod at US$50 intervals between the Shuffle and the 60GB iPod Photo at US$450.
• I like the size.  I get a lot of grief from my wife for having too many things in my pockets so it's nice that the Shuffle is nice and small.
• I like the image.  I feel 'cool' to be wearing the distinctive white/grey headphones.  I agree with Peter Provost that there are much better headphones available and I'll probably go with Omar Shahine's recommendation of the Etymotic ER6's.
• I like having music around all the time. 

There are still some things that I'm finding hard to adjust to:

• The whole random shuffle business.  Deep down I'd be happy with an "iPod Linear".  I know that it can be used in a linear fashion but it really annoys me that I can't (or haven't worked out how) change the order that they play in (basically first track copied is the first played).  I'd like to be able to re-arrange the tracks using the iTunes software (please leave a comment if I'm missing something)
• This sinister dialogue box that comes up when I charge the iPod on my laptop while I'm logged onto my client's domain (rather than local computer account).  While it masquerades as a helpful dialogue box it is basically evil, offering to delete all of the music on my iPod with an accidental click of the Yes button.  This is a terrible design.  At worst they should have enabled a 'don't show this again' checkbox.

I've just landed back in the UK after a three-week round the world holiday to Australia and back via Redmond for the Indigo Software Design Review (SDR) last week.  The SDR gave me a chance to play with a slightly updated Indigo build than the publicly available Indigo Community Technical Preview.  I was going to list the highlights of my week but then I saw that Omri Gazitts, from the Indigo Team, posted a list of his favourite Indigo features that maps pretty closely to what I was going to mention.  My key take-away was that the team have done a great job designing Indigo so that it is feature-rich and easy to use with good extensibility points throughout the system.

While I've been away Mike Taulty (Layers of Indigo, IInputChannel and IRequestChannel, Channel encoding and filtering messages) and William Tay (Message Tracing, Logging and Activity Management and the details of the default Indigo bindings) have both been doing some excellent job of kicking the Indigo tyres and exploring the CTP builds.

I'll write more when I get a fresh VPC image installed with the CTP bits.

Kirk Allen Evans has put up a set of Visual Studio .NET Item Templates that make it easier to create WSE SoapClient or SoapReceiver classes including removing the grunt work of adding a reference to the Web Services Enhancements 2.0 library.   John Bristowe gives some background on SoapClient and SoapReciever.  This layer of the WSE programming model provides more direct access to sending and recieiving messages (rather than hiding those details behind method calls).  Thinking more explicitly about sending and receiving messages, and the kind of message exchange patterns that can be used, is a useful exercise that will pay off when moving to Indigo.

As Rebecca Dias mentions, my article ("Why WSE") covering the high-level reasons to use WS-Security has been published on MSDN.  It covers the provides benefits WSE provides, such as end-to-end message-level security, content-based routing, and policy through leveraging the WS-Security, WS-Addressing, and WS-Policy specifications. 

Let Rebecca know what you think of it.

If you want a longer article on the same material I'd recommend fellow-RD and web services enthusiast, William Tay's piece on Solving Real World Business Problems with Web Services Enhancements in .NET

Microsoft Research in Cambridge have released the WSE Policy Advisor for Microsoft Web Services Enhancements (WSE) 2.0.  The Policy Advisor is an an unsupported tool that acts as a security diagnosis tool for WSE2 policy files (think of it as an FxCop for web service security policy files).  It analyses the policy file for common security vulnerabilities, provides a description on the risk and remedial advice.  It can be launched as a stand alone application or from the policy tab of the WSE Settings Visual Studio add in.  If you are intersted in WSE 2.0 and Policy then  download the Policy Advisor and run it against the sample files that ship with WSE 2.0 and send the research team feedback.

I've been a fan of using policy files to secure web services with WSE for a long time.  As Clemens says, authoring a policy file by hand is pushing things too far.  In combination with the WSE Settings add-in the Policy Advisor provides a great service for anyone wanting to understand and apply policy files, without having to get too focused on the XML angle brackets. The help file contains a list of all the problems the Policy Advisor can detect and is an excellent learning resource if you want to learn about the purpose of many of the policy elements.  For example:

This policy accepts messages with unauthenticated or elements. (Alarm)
Risk: The message is authenticated, but authentication does not cover and . Those elements are often used to implement replay protection, and should thus be authenticated. Otherwise, an attacker may intercept a message and generate a series of slightly different messages that will be accepted as distinct, genuine messages from the original sender. (The risk may be mitigated if the transport provides integrity protection, or if the recipient implements replay protection using other authenticated elements.)
Advice: Insert wse:Timestamp() and wsp:Header(wsa:MessageID) in the element in the assertion.

It also has warnings about the evil that using unencrypted UsernameTokens, though I'd highlight Keith Brown's excellent MSDN article on Securing the Username Tokens with WSE 2.0 as the best source of guidance in this area.

Here's how the tool integrates with the WSE Settings Visual Studio addin:

Below is a screenshot of the report that the Policy Advisor produces, in this case it is reporting against the secure conversation sample that ships with WSE 2.0.  The top part of the window describes the report, the bottom tree view highlights all of the issues found and the relevant policy for each problem.