Peruse Muse Infuse
Home | Site Map | Site Index
Subscribe To This Blog
Atom Feed
RSS 2.0 Feed
Tags
Agile (9)  Architecture (24)  ASP.NET MVC (1)  Aspiring Architects (12)  Bio-Diversity (1)  Business (4)  Business Architecture (1)  Cheat Sheets (7)  CodePlex (3)  Dalek (1)  Data Architecture (1)  Enterprise Architecture (3)  Formula One (1)  Garfield (1)  Ghostbuster (1)  Hello Cruel World (1)  History (2)  iGovt (1)  Inter-Personal (1)  Modeling (4)  Morphfolia (1)  Off Topic (3)  open source (6)  podcast (3)  Political Architecture (1)  Politics (1)  Security (7)  Solution Architecture (1)  SqlAzure (1)  Strategy (4)  Tech-Ed 2009 (3)  The Cloud (4)  Thinking (6)  Web Development (6)  Wellington (12)  WSAF (12) 
Recent Posts
Hitchhikers Guide to NFRs - the System Quality Attributes Map
Backlog Depression
At the Coal-Face - Solution Architecture in the Public Sector
Security Guidance - Practical Non-Functional Requirements
Career Direction - What and How
10 Years in IT - 6 Lessons Learnt
I Blame the Superficialites
Free Un-Evil Options Analysis Template
Browser Wars - Agile Strikes Back
WSAF Session 7 - Practical Hacking
Available Blogs
Morphfolia Code Log
Peruse Muse Infuse
Tech-Ed 2009 - Day 2
Posted at 17/09/2009 1:49:11 p.m. by Adriank (317 days, 20 hours and 23 minutes ago)
Tagged under: Tech-Ed 2009, Agile, Architecture, SqlAzure, Web Development, Security

Tech-ed 2009 - Day 2

Doppler effect time; here I am standing at the MS stand at Tech Ed Marketplace on the last day, blogging about the previous day. The crowd has thinned out a bit - some of the out-of-towners have already headed home, and the mood is definately one of 'wind-down'. [doh! didn't finish, so it's now the day after that - assuming you care]

What I attended 'today'...

ARC202 Challenging the role of the architect with Kevin Francis

This was an excellent session - it's the first time I've ever seen anyone explain how an (solution?) architect should engage in a project - regadless of the methodology.  Kevins an Agile advocate - and his talk focused on that, which made it twice as good: how to fit Architecture and Agile.

One of the main thrusts is that agile works - but should be confined within a 'box'; your architecture should be done prior to this (by in-large).  Change is fine - but it should not affect the architecture - if it does, it needs to be for a very compelling reason.

Main steps:

  1. High Level Requierements + your reference architecture / enterprise architecture should be taken and fed into your...
  2. High Level Design.
  3. At this point you shoudl decide on your development methodology (such as agile or waterfall (if you must)).
  4. This will all feed into a High Level Estimate and your High Level Architecture.

The next steps include:

  • Working on the scope, tool and product selection, etc.
  • UI prototype.
  • Technology prototype / validation

All of this should take no more than %5 of your project budget.

Kevin also spoke on time lines and what you should be doing when - I'll save that for later.

You can check out more of Kevins stuff @: www.slideshare.net/kevinfrancis

SEC312 The "Everything Developers Need to Know About Security" Talk with Michael Howard

A bit of a follow on from the talk he did yesterday.

  • Further emphasis on threat modeling, specifically basics like:
    • Local vs Remote access
    • Admin vs anonymous access
  • Further emphasis on FUZZ testing
  • The (crucial) importance of only allowing things you know to be good (white-listing, never rely solely on black-lists).  Black-lists have their place, but should never be used in isolation.

Michael also spent some time looking at when / how you can prioritise security testing if you're pushed for time (for example); give preferecne to:

  • Old code
  • Code / projects that have a 'history'
  • Complex code / systems (more on that later in the ARC203 talk by Roger Sessions)
  • Code that is hard to maintain or where there has been a lot of churn
  • Systems that 'listen' (on ports etc)
  • Any thing that has planetary access

The list he gave is longer than that, but it gives you an idea of the lines you should be thinking along.

WUX304 Building Great Standards Based Websites with ASP.NET 4.0 and Silverlight 3 with Damian Edwards and Andrew Tokeley

I went into this talk expecting to see a lot of Sliverlight - instead it was focused more on the standards - with some Silverlight stuff, and although it didn't match expectations exactly it was an excellent session.

Damian gave a lot of great quick bites of info around usability (and therefore standards) - but also a lot around helped tools and performance tips, including:

  • Suggested CSS 2.1 (Firefox 2, IE6 (and 7), Safari 2) as a good baseline to work to, and then add candy on top - rather than working backwards.
  • 7-12% of users  visit without JavaScript support (for the big portal site he was working on)
  • YSlow (not sure how that's spelt) is an add-in for Firebug (itself a plug-in for Firefox) that helps with performance tuning
  • Include a version in resource urls (like images and JavaScript files) to get around client-side caching issues (e.g: src='foo.jpg?v=1.2.0.45673).  A good tactic here is to use the assembly version as the id - assuming you're using ASP.NET).
  • Use PowerShell to combine multiple JavaScript files into one for better performance).
  • YUI (http://yuicompressor.codeplex.com/) for compression of JavaScript and CSS.
  • You can use a site called wave.webaim.org for accessibility evaluation.
  • And if you want to validate and correct mark-up entered by users try http://markupsanitizer.codeplex.com/

An interesting thing Damian discussed was how browsers manage connections and how you can get the most out of a browser.  Apparently browsers will only keep a certain number of connections open at any one time, usually about 6-8 (IE6 used 2).  The connections are based on the host name - so if you split out your resources into different hosts you can get an increase in performance by getting more simultaneous connections, for example:

  • www.morphological.geek.nz
  • images.morphological.geek.nz
  • scripts.morphological.geek.nz
  • css.morphological.geek.nz

Andrew showed some really cool Silverlight stuff - anyone who thinks Silverlight = un-accessibility really needs to see his talk.  I didn't end up taking any notes - partly as I'm not doing any Silverlight at the moment (sorry Andrew!); let's say my lack of notes was due to being too busy watching.

DAT301 Building Applications on SQL Azure with Jeremy Boyd

Jeremy did well with a fairly dry subject - if you're familiar with MS SQL and the concept of 'the cloud' then you'll be really close; however, Jeremy went into some of the detail and showed some simple but effective demos of how to work with SqlAzure.

You can connect using a command line or using the standard management tools, however, not everything in the management console will work: specifically the object browser.  The other gotcha is that all tables must have a clustered index.

Pricing is (at the time of the session) approximately:

  • $9 USD for 10Gb of data
  • $99 USD for 100Gb of data

Considering the amount of availability the Azure platform provides this makes for an effective DR option, a great way to launch a start-up (low cost) and is suitable as a sync-hub  (say, using the MS Sync Framework).

As usual bandwith is an issue - latency is around 150 milliseconds a call (assuming you're calling SqlAzure in the US from an app hosted in NZ), but this is manageble:

  • Use chunky calls (few calls to bring back lots of data at once, instead of many smaller calls)
  • Deploy your app into the Azure fabric so the call is more direct (location can still be an issue within the US, but it's clearly not as severe for a few reasons).

 
 Some rights reserved.
Last Modified 15/04/2010 11:34:08 a.m. by AdrianK (adriank [at] morphological [dot] geek [dot] nz)