Last saturday was the first dutch code camp. It was fun. I met other geeks like me and there were alot of interesting presentations. There were sessions about WPF, C# 3.0, Linq, XNA, domain driver design and more. Look at the Code-camp site for downloads of the sessions.

A few days ago I needed to retrieve the version information of an Winforms application and append it to some files. I needed to do this via a batch script. I did it with the following script:

@echo off
setlocal
for /F "delims=" %%i in (
'findstr /C:"<Assembly: AssemblyFileVersion" 
".\My App\My Project\AssemblyInfo.vb"'
) do set MyAppVersion=%%i
set MyAppVersion=%MyAppVersion:~32,-4%
pushd .\MyAppSetup\Release\
move /Y setup.exe setup_v%FCVersion%.exe
move /Y MyAppsetup.msi MyAppsetup_v%FCVersion%.msi
popd
endlocal

Nice, isn’t it?

As a software developer it is important to have good people skills. You have to find out what your users want. You have to communicate with them. If you cannot your are at a disadvantage compared to your peers who can. Your current position is determint by your technical skills only for 15 percent, I read somewhere. The other 85 percent are communication skills. Most of the well paid positions are occupied by people with poor technical skills. But they communicate.

As (almost) all geeks I am a bit autistic. Communication is not my strong suite. You have only to ask my wife. I can tell you she wishes I would communicate. As all wifes do I guess. Anyway it is not hopeless. Even if you are not a natural communication talent you can learn it. ‘How?’, you ask. By reading books about communication and start practicing. Learn form those how can. Most communication skills we all have but we do not use them. We do not use them enough. So read and practice.

I recommend the books from Dale Carnegie. They are easy to read and full of practical principals. Some of his books are How to Win Friends and Influence People, How to Stop Worrying and Start Living and How To Develop Self-Confidence and Influence Others Through Public Speaking.

Last weekend I installed Vista. I tried to upgrade my Windows XP installation. It took al long time, I was stupid and impatient. Yes, I pushed the reset button. I thought that my computer was hanging and expected a reset to continue the upgrade where it left off. But it did not.

The only thing to do was to do a clean installation. So I did. Everything went fine. Since ‘My Documents’ does not exist in Vista I copied the contents of ‘My Docments’ in the new documents location. Then I deleted the ‘My Documents’ directory bypassing the recycle bin. I did not make a backup. Another mistake. Why? There are no documents in Vista’s documents location. How is this possible? I lost important stuff. I do not blame Microsoft or Vista, though. I should have made a backup of my important data!

Is it me or is it hard for users to test applications? No, it is not me. Most developers know what I mean. You need to built in some feature. Ok finally it is working the way you want it. That may not be the way your key user wants it to work. So you tell him/her the feature is finished. Go ahead and test it. You go away and your never hear from them again about the feature. Until it becomes a priority for them of course. Suddenly all kinds of action can be detected from your key user. You are told that something is wrong. He or she is disappointed. ‘This must be fixed. I need it yesterday.’ Right! ‘Didn’t I asked you to test?’, you think. ‘Now I have little time to fix it, damn.’ Sounds familiar? And even if users test it is ad hoc, non structured and not repeatable.

Why is that? I think there are three main reasons for this:

  1. Users do not know how to test. They never were explained how to test so it is not easy for them to do structured testing. They don’t know what to do.
  2. It has no priority. Their other work is more important because that’s the stuff their bosses want them to do.
  3. ‘The developer tested it! why should I do it again’. They forget that a developer is not usually an expert in the field of the user.

 

The solution is to educate them and make it a part of their job. The first thing developers can do. The latter could be done by their bosses. Yeah, wishful thinking…

If you have an application that is used by more than one user and it stores its data in a shared database, you have to deal with concurrent actions of your users on the same data. This means for instance that if two users are updating account information for client X at the same time the application must decide which user’s changes should be stored. There are two models for concurrency: optimistic and pessimistic concurrency.

Optimistic concurrency

With optimistic concurrency no locking mechanisms are used. The idea is that the chances are small that users are editing the same data at the same time. So why bother with an resource expensive mechanism like locking? Because it could happen. An application must have some way of detecting this.

ADO.Net helps a developer out by offering support for the optimistic concurrency model. It tracks changes to data it is updating by including the original data in the where clause of the update statement. If the data was not changed one row was updated, contrary to zero rows updated rows. A DBConcurrencyException is throw in the latter case. A simple but elaborate mechanism.

A disadvantage of optimistic concurrency is that the user that first updates the data wins. All other users loose: maybe they had been working for ten minutes on the data and now they cannot save the changes!

Pessimistic concurrency

Pessimistic concurrency works different. It uses locks to make it impossible for users to change other users data. Of course the idea is that the chance that two or more users are updating the same data is small. So the chances are slim also that the lock bothers other users. But locks do affect scalability.

How can an application support pessimistic concurrency? A developer could implement it him-/herself. ADO.Net does help here. That is a difficult job. What about death locks for instance? Luckily databases help us out. Most databases support different kinds of locking and transactions. For pessimistic concurrency to work however the lock must be sustained for the whole period a user is working on the data. So what happens when this user goes for coffee or goes home. Too bad for everybody else? It is a big disadvantage. Isn’t it?

The conclusion

Looking at the the advances and disadvantages of both concurrency models I think is best to use optimistic concurrency as the main mechanism. Pessimistic concurrency should be used when changes to data must be ACID. But both methods can and generally are used by applications at the same time.

 

Today I was surprised to hear that I have co-workers that think that UML has a diagram for a relational database design. I responded by saying that the design of a database is not object oriented but relational and since UML is a modelling language for object orientated systems it would be illogical for UML to have a diagram for relational databases. These concepts are very different. But no I was told. No, no UML has a diagram for relational databases. Tables in a database have methods, select, insert, update, delete and triggers. If I wasn't in a shock I would have laughed. I never heard such nonsense. Humbug as Dickens would say. I tried again to make the point that the relational concept totally differs from the object oriented concept to no avail. One of them said that he was playing with words, that conceptually the database model (the entity-relational diagram) could be represented by UML. OK, and my ass can be conceptually represented by UML as well. Total nonsense. Start reading some books, guys. Start with some basic concepts.

Of course it is possible to model classes in UML that represent tables. This is a common practice. The 'Active Record' design pattern is an example. But this is not a database model and it is not really object oriented. I guess this is what they meant. But then I think they still don't know what they are talking about. They don't know the difference. That is really worry some, I think. If we are talking about a design in the future will we talk about the same things?

ASP.Net offers the possibility to encrypt sections in the web.config automatically. It seems not possible for WinForm applications to do that for the app.config. And this is true for a part: WinForms does not offer tools to configure it. But it can be done. It is all .Net. Isn’t it? So how do we do it? Read on and see how.

First let me explain something about the configuration files in .Net. The app.config and web config are divided into sections. The encrypting and decrypting operation are performed on sections and not on the file as a whole.

Developers can extent a configuration file by defining custom sections. This can be done by adding a section tag to the configSections element or the sectionGroup element like in the example below. The name attribute of section element specifies the name of the new section. The type attribute specifies the handler that processes the configuration section: it gets the data out of the section. As you can see in the example below I implemented both scenarios.

2 <configuration> 
3 <configSections> 
4 <section name="Vault" type="System.Configuration.NameValueSectionHandler" /> 
5 <sectionGroup name="applicationSettings" 
		type="System.Configuration.ApplicationSettingsGroup, System, Version=2.0.0.0, 
		      Culture=neutral, PublicKeyToken=b77a5c561934e089" > 
6 <section name="EncryptConnStringsSection.My.MySettings" 
	   type="System.Configuration.ClientSettingsSection, System, Version=2.0.0.0, 
                 Culture=neutral, PublicKeyToken=b77a5c561934e089" 
           requirePermission="false" /> 
7 </sectionGroup> 
8 </configSections> 
9 <connectionStrings> 
10 <add name="EncryptConnStringsSection.My.MySettings.testConn" 
11 connectionString="Data Source=kissvr07;Initial Catalog=ProjectX_Dev;Integrated Security=True" /> 
12 </connectionStrings> 

Now that I have explained how to create sections in the app.config let’s go on to show how to encrypt a section. It is really a simple operation. And once a section has been encrypted you do not have to worry about decrypting it. The .Net framework does it automatically for you. It is a transperant operation and works as if you did not encrypt the section.

The configuration namespace contains a class that represents a section. This class is called ConfigurationSection. A member of this class is the ElementInformation property. This property gets information about a section and it has the method ProtectSection defined on it. This method encrypts the section. Out of the box the are two encryption algorithms supported via providers: DPAPIProtectedConfigurationProvider and RSAProtectedConfigurationProvider. The default provider is RSAProtectedConfigurationProvider. You use the default provider by passing Nothing/null as a parameter to the ProtectSection method.

I wrote the following class to demonstrate this method.

1 Imports System.Configuration 
2 
3 ''' <summary> 
4 ''' This class protects (encrypts) a section in the applications configuration file. 
5 ''' </summary> 
6 ''' <remarks>The <seealso cref="RsaProtectedConfigurationProvider" /> is used in this implementation.</remarks> 
7 Public Class ConfigSectionProtector 
8 
9 Private m_Section As String 
10 
11 ''' <summary> 
12 ''' Constructor. 
13 ''' </summary> 
14 ''' <param name="section">The section name.</param> 
15 Public Sub New(ByVal section As String) 
16 If String.IsNullOrEmpty(section) Then Throw New ArgumentNullException("ConfigurationSection") 
17 
18 m_Section = section 
19 End Sub 
20 
21 ''' <summary> 
22 ''' This method protects a section in the applications configuration file. 
23 ''' </summary> 
24 ''' <remarks>The <seealso cref="RsaProtectedConfigurationProvider" /> is used in this implementation.</remarks> 
25 Public Sub ProtectSection() 
26 ' Get the current configuration file. 
27 Dim config As Configuration = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None) 
28 Dim protectedSection As ConfigurationSection = config.GetSection(m_Section) 
29 
30 ' Encrypts when possible 
31 If ((protectedSection IsNot Nothing) _ 
32 AndAlso (Not protectedSection.IsReadOnly) _ 
33 AndAlso (Not protectedSection.SectionInformation.IsProtected) _ 
34 AndAlso (Not protectedSection.SectionInformation.IsLocked) _ 
35 AndAlso (protectedSection.SectionInformation.IsDeclared)) Then 
36 ' Protect (encrypt)the section. 
37 protectedSection.SectionInformation.ProtectSection(Nothing) 
38 ' Save the encrypted section. 
39 protectedSection.SectionInformation.ForceSave = True 
40 config.Save(ConfigurationSaveMode.Full) 
41 End If 
42 End Sub 
43 End Class 

As you can see this class also has a method ProtectSection. Basically it gets section information out of the app.config and checks if it can be encrypted. If so it protects the section using the default encryption provider and it saves it. And it’s done.

Protecting connectionstrings

It is simpler to protected or unprotect connectionstrings. It can be done with the following code sample:

1 ' Connection string encryption 
2 Dim config As Configuration = _ 
3 ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None) 
4 config.ConnectionStrings.SectionInformation.ProtectSection(Nothing) 

Updated: I published it on The Codeproject. It may be more update there. Check it out.

Ok, I am writing an Windows Mobile application to keep track of the kilometers driven with my lease car. I am using Sql Server Everywhere to store the data. It is a nice little database. It can do everything but table columns cannot have check constraints. At least if it can I cannot discover how to do it. This is an omission, I think.