The Naked Flame

Well, that has been a very long week. I didn't realise how exhausting the experience had been until I got home and slept an extra 8 hours over the weekend. I feel a lot better now though which is good.

This feeling was not helped by the first heatwave of this summer hitting exactly this weekend. I thought the Gold Coast was a nice warm change from the Sydney cool weather that I had come from, but it turns out there was better waiting back home.

Saturday hit a nice warm 28 degrees, and I was expecting the same today, but it turns out we got an even more sweltering 33. Looks like there'll be a few more isolated hot days through the week, so maybe it is here to stay already.

May be the same session this guy did last year; if so I am not going to stick around for too long... better things to do with my time ;)

Not looking hopeful... he's mostly saying things I already know. Maybe I get to have a little break for my brain to creep back into my head. Maybe also charge my netbook before SmackDown... not sure if I'll manage to get in, but I am going to try!

Still on the introduction... Corneliu seems to have slowed down *a little* since last year, but I might be getting used to his accent; either way, easier to understand this year than last.

Finding primes as an example; interesting that the broken multi-threading version adding to an unsync-list didn't blow up altogether! Adding a lock to fix it, and it'll drop performance I am sure. Still not getting the same 'count', so I guess his algorithm is broken... uh-oh!

Co-operative cancellation sounds very interesting; hope there is a demo to explain what it actually is. The ConcurrentBag version seems to actually give the right count at the end, so let's just let that slip.

Task schedular can be customised, hopefully making custom threadpools redundant in the future. File processing example; methods that represent parts of the processing logic, including loading, verification, condition handling, etc. Using continuations to chain parts of the logic together!

Sexiness counts, 10-10-10, first 10 seconds, first 10 hours, first 10 days. Very important to connect quickly with the user if you want them to keep using the app.

Creative got to the MP3 market first, beating Apple by 2 years. Apple's iPod had worse battery life, less storage, less formats, less features... ... but it looked great. When you put your app up on the marketplace, all the customers see is screen shots initially! ... Make the looks count.

Sample "Enter PIN" UI on the iPhone, recreate in Windows Mobile as an example. Always start with maximised form. Delete the menu too to get a full screen without ugly UI. Strictly is against the UI guidelines, but it gives better user experience.

Site with useful stuff: www.opennetcf.org has libraries that can help; has a lot of MVPs building wrappers and libraries. Extra tip for debugging; Emulator: file -> config -> peripherals -> create text console window for serial port 1! Shows a console with trace information for load-time. Can write to the port if you want to trace to it too.

Most of the coding seems straightforward. Wonder if this all means that WPF is not available for the mobile platform yet. Anyway... just gonna sit and listen for now.

Have to do this from memory, since I was juice-less by this session, and in the mean time I have had dinner and plenty of time to forget details.

Okay, so... basically, .NET 4.0 throws out the old and replaces it with the new is what it comes down to. There is an improved/new sandboxing model that makes it easy to load code into separate AppDomains with restrictive permissions so that untrusted code can be put into its own little prison, even when it is a library used by a trusted application.

Very big gasp of disbelief from the presenter when nobody indicated that they were sand-boxing their third-party code. I must admit I had never considered that as an option, but it really makes sense why that would be a good idea... if you don't write it yourself, and it is a large library, then you really cannot afford a full security audit. This may be something I should have a look into and perhaps apply so that we do not get any unexpected behaviour.

Another gasp when it turned out AntiXSS was not used more than it should be. Turns out there is also a fairly easy way to attach AntiXSS to specific ASP.NET controls without code changes, which is really cool. It is not 100% fool-proof, but as a low-cost (read: a few lines of configuration) partial solution, it is really a crime not to do it.

I am sure there was a lot more in this talk, but that is the essence of what I am taking out of the session with me... now... time to get ready to sleep and go for one more (half) day.

This is an architecture topic primarily, no code or screenshots. Definition of identity to start with; set of information about some entity, such as a user. Authentication is the act of establishing identity. Authorisation is distinct and potentially disjoint from authentication.

Working with identity is too hard; Kerberos for network, username/password for the web, federation and SAML between organisations. Claims-based identity is intended as a single approach to cover all these scenarios. Simpler for developers.

Token: artifact transporting identity information; consists of one or more claims. Claims: are statements about an entity (examples: age, gender, group, etc.) An identity provider is an authority that makes claims about an entity (generates tokens?)

Example identity providers; at work the employer, internet is most often yourself (does not mean the claims are true!).

Identity provider implements security token service (STS). Software that issues tokens which are requested via WS-trust, WS-federation, SAML. Authentication can be outsourced depending on who you trust!

Illustration; identity provider has a store and an STS. User calls the STS (browser, or rich client, for example) and asks for a token. STS decides if the user is valid based on provided evidence, and will get information from the store, package it in a security token and send it back to the user.

Illustration; user has a token, relying party has a resource that the user wants to access. User invokes the application at the RP sending a token along. RP checks that the token has not been tampered with, whether it is successful, etc, etc. If all is well, the call is passed through to access the resource.

Today's world... application typically only gets simple 'identity' information. Example: user's name. Doesn't say 'who you are', just that you have been there before and you have returned. To get more, the app needs to query a remote or loca database, or directory service.

Claims can be used to: identify a user, convey group or role membership, personalisation information, grant or deny the right to do something, constrain the right to do something (purchasing limit).

Supporting multiple identities, using an identity selector. User, IP (many) and RP; user first lands on the RP page. Gets a list of trusted IPs to choose from. User picks an IP and gets a token. Sends the token on to RP.

Windows Identity Foundation sits in front of the RP and performs the validation and pass-through. All interactions are open standards, so no Windows tools mandatory to do any of this. ADFS 2.0 is an IP. Windows Cardspace 2.0 is a piece of client software that performs the identity selection feature.

Using this architecture isolates the RP from changes based on the type of authentication or context involved. Identity across organisations is a little trickier. User in one Windows forest needs to access app in another forest, or perhaps a non-windows user.

Option one: duplicate accounts; very bad, extra administration needed! Better: identity federation, no duplicated accounts, allows single-sign-on, also means that cancellation of account automatically de-authorises the dependent companies.

Out of battery, so saving now...

7 Ways to Shine on Windows 7; fundamentals, taskbar, libraries, multi-touch, ribbon, sensor and location, graphics.

Windows 7 remembers defaults based on the network, such as default printers. Fixing wizards... type 'fix' in the help system and it will return links to a whole bunch of wizards that can diagnose problems.

Double-click on 'Home' to switch the ribbon on and off. Shift-click on the taskbar to start additional instances of an already running app. Shake the top window to make all other windows disappear and re-appear. Windows-transparency tab on the taskbar is mainly to make desktop gadgets visible.

Overlay icons on the app icon to show the status of the app. Pop-up menu from app taskbar buttons that show recently used documents for quick access. Possible to add right-click commands or controls to the hover-over preview.

OpenSearch toolkit to make it easier to integrate searches with Bing and Win7 Search Connectors. Very easy integration into Windows Explorer. Graysonline example very impressive.

Windows API Code Pack is a kind of preview for APIs that have not made it into .NET proper yet; shell, libraries, taskbar, sensor, graphics, multi-touch, UAC, etc.

Live thumbnails; not based on processes, can be created programmatically with any desired content. Also possible to interact back with the app from these previews; close tabs, select/deselect, etc.

"Windows 7 Application Quality Cookbook" is the bible to make stuff work well under Win7. Services run under a separate privilege level; services may break! Also "Windows 7 Training Kit" for help.

Multi-touch API is a separate download, the toolkit does not include touch features. Ultimately .NET 4.0 is a better solution to use.

Learning about cross-WPF/Silverlight composite and reusable user interfaces.

Step 1 - Encapsulate resources. Abstracting all the resources for an app into a separate project reduces friction between coders and designers.

Step 2 - Understand Composite Framework. Shell hosts the app, application services glue the logic together, modules contain individual features.

Step 3 - Define the regions in the shell to subdivide the content of the app (navigation / content / whatever).

Step 4 - Understand Region Mapping. Region adapters map views into regions. Views are part of the modules (possibly multiple views per module).

Step 5 - Understanding Application Services. Core services deal with modules, services, regions, events and logging. App services are custom-coded; messaging, cache, security, exception handling.

Step 6 - Commands, Events, Attached Properties, Converters, Navigation.

Step 7 - there is no step 7.

Step 8 - Define Modules. Learn how to apply MVVM, listeners, events, models, services, module definition classes. How do modules inter-communicate? Event aggregation, subscribe/publish model.

Cannot really read the code on the screen very well, so I am just following the general shape of things. It's making a lot of sense so far, but very architecture-heavy, which is a little surprising. This may have needed to be a level-4 topic?

Step 9 - Bootstrapper. Configure the service container. Configure the regions and adapter mappings. Create the shell. Initialise the modules.

Step 10 - Test, test, test. Unit, functional, performance, memory.

Deployment - know the environment, ClickOnce, Silverlight (browser / stand-alone).

Multi-targeting between WPF and Silverlight. How to deal with layout/resource mismatches... missing features in Silverlight. The structure of the Composite Framework is designed to leverage common abstractions. Use two solution files in the same top directory, share code and resources that are generic, but add platform-specific parts for the 'differences'.

The Composite Framework chm file has a very good high-level overview of the technology involved.

I've read all the materials on VS2010 and .NET 4.0 already, but who knows, there is a good chance there is something that I may have either missed completely, or misunderstood the significance of. Let's see if I can learn something new.

VS2010; selecting variables highlights them throughout the code. Holding alt-key down you can select rectangles in the code, and then edit them. Show Call Hierarchy shows where methods call to and get called from.

Sharepoint; Dev tools are a bit sub-par at the moment. VSeWSS is little known MS tool to deal with this. Still has a lot of issues though. VS2010 can browse SharePoint, create items, deploy. Server explorer similar to database explorer. Can add new items through the explorer. Need to have SharePoint server installed locally to do this! LINQ to SharePoint to access data; very nice.

C# 4.0; love the duck-typing image... includes IronPython and IronRuby. Now has optional and named parameters, which is nice... still do not like that it inherits the brain-dead VB.NET attributes; also, consider combinatorial explosion for unit-testing.

VB10; not sure I care about this... gets automatic properties, collection initialisers, no need for end-of-line underscores. Demo is not exactly making me feel like I should bother with VB.

ASP.NET 4.0; SEO - routing and permanent redirect, live data-binding, enhanced dynamic data, MVC, QueryExtender. Adding routes easy; map new URL to old format internally; need to change parameter extraction though, more manual work than I'd like to see. Use RedirectPermanent instead of Redirect for correct semantics for moved pages. Live two-way data-binding looks good, but not sure what it 'means'... losing focus and glazing over a bit... just gonna post this.

Had to truncate the title of the session, because it was just too ridiculously long. Suffice it to say, it's a Windows Mobile 6.5 session... let's see what's new, and whether I need to hold off on a new phone ;)

It's okay Loke Uei, I'm not a morning person either... but I have to make it through the rest of the day somehow I guess. Suggestion to get into the Windows Marketplace early since it's opening real soon. Let's see if the tools are there to be able to realistically develop for this new platform with no physical hardware available yet.

There is a competition to be had on www.mobilethisdeveloper.com, so I guess I better check that out. Wow... they are giving away a 'Surface' to the winner... no shipping to Australia though :(

Okay, so maybe I am going to have to disagree about which OS is more interesting. I personally like the idea of touch screens better... although once I have one I may change my mind... anyway Pocket PC for me then, and WM6 Pro.

Should be obvious, but may be not; limit the UI by: making use of location knowledge (no location entry! the phone should know), present less options, avoid free text entry (use drop-downs instead), always go full-screen, no scrolling... ever. Less is more!

Using subtle sound feedback on actions that may take a while to indicate that input was detected. Make use of all the sensors available in the device. Need to know which sensors are standard on WM6.5. New stuff: capacitive touch, multi-touch, magnetometer (compass), camera control. Love the 'Sixth Sense' turn-any-surface-into-a-Surface tech.

Gestures is native C++ API ... sounds like the APIs of some of the sensor sub-systems are not very mature or evolved out yet. Tricky to solve generically, but it would be nice if there were at least a generic 'raw values by type of device' kind of API to at least have a fighting chance... Good to have some of this attached intrinsically to controls in WM6.5 though.

Shame... no emulation of hardware devices on desktop environment. Means that you'd need a very large range of phones to develop apps for the various capabilities.