Enter your email address:

Delivered by FeedBurner

Open Source Projects Must Market Themselves Better


The open source community is rich with alternatives for any need or framework you could possibly need. It is a veritable cacophony at times. While this richness is great, it can be a challenge to get your project adopted by developers.

This also presents a challenge for those architects and developers who are shopping around for a framework to solve a particular problem. Most projects have a web site somewhere (CodePlex, SourceForge, etc.), with a list of bugs, releases, notes, etc.

Most of these project pages have only a short description about the project. That description was likely written at the very beginning of the project when it was just a simple idea. The description is usually outdated, and never updated as the project moved forward.

If I am an architect/developer browsing your project site, and I see something that is vague, and hard to understand, I won’t likely check out your project. After an hour of only seeing poorly marketed and documented projects, I am likely to not choose any framework. That’s not a good outcome. Downloading, compiling, and playing with more than a few frameworks is just too messy and time consuming for an architect that needs to ramp up on a particular space, and make an informed decision on how to move his own project forward.

You need to market your Open Source project like any other product on the market.

Open Source project leads need to market their project, and help people understand why they should use your framework. If you are a persistence framework, you have to make that clear. You have to describe what your tool is like, and how it works (at a high level). You should also define what is required to use it (.NET 2.0, certain tools, etc.), and also what the process is for leveraging it in the developer’s project. Your site should also include walk through’s, perhaps webcasts around how to start a project with it. At a minimum, include some diagrams or screen captures. Let me know what I am getting.

If you really want to knock it out of the park, link to or provide information as to why you need to do what the framework does. For example, if you have a DI framework, provide information on when and why DI is a good idea. You could also link off to some resources that will educate the reader on DI. Informing that user will help them understand why they should use DI (in this case), and know why your particular framework is a good choice.

I had this discussion with Nate Kohari from Ninject at a Day of .NET a few months ago. When he released a new build (congrats!), he updated his site to help the reader better understand what Ninject does, how it is used, and how it differentiates itself from other frameworks.

Your project site doesn’t have to have fancy design like Nate’s (but that is great if you can), but it should include this basic information.

You need to make it easy for a visitor, within a few minutes, to understand the value of your project, and how to get started.

Leon, I can answer your question now…


About a month ago I was at CinArc. During the break Leon asked me what Microsoft was doing about open source, and when were we going to change our business model to adapt or compete. He wasn’t picking a fight, he honestly wanted to know if MS recognized this new aspect of the market (not really new at this point, but anyway), and were we going to engage at this level, if not embrace it.

I didn’t have an answer at the time. Not because I missed the ‘Annual Evil Empire Planning Meeting’ (I am still waiting to get invited to that meeting), but because I was so new, and am really not part of that part of the organization. I recently attended a session where Sam Ramji explained Microsoft strategies for working with open source, and the open source community. I was very pleased with what I head. I shows that we are embracing this model, and the people who believe in it.

There have been some amazing announcements about how we are supporting and engaging the open source community.

Our message: We are committed to making Windows the best platform to run Open Source applications on. That’s it.

Our actions and commitments are our proof. And these are just the start.

- The Open Specification Promise: We have put many, many protocols based on Microsoft’s patents into the OSP, with a promise that developers have a right to use them without any fear from any patent claims from Microsoft. Per the site that defines the promise: “be used for free, easily, now and forever.” Developers can use these protocols in any way, and for any use, even commercial. Our promise is also more broad, and more flexible than other promises. There have been clarifications on our promise so that developers really understand what our commitment is.

- PHP ADOdb patch: ADOdb is a very popular data access framework for PHP. Microsoft is contributing a patch that enables ADOdb to access SQL Server through the native drivers in PHP. I was very proud when I was told by Sam about Microsoft’s first real contribution to the open source community. He promises there will be much more. From the plans I heard about, I believe him. Sam’s team has tested more than 100 PHP applications on IIS, and they worked without any changes.

- Sponsor of Apache Software Foundation – We have sponsored the ASF so that they can continue their operations. This shows that we believe in their way. Does this spell the end of IIS? NOOOO! We will continue investments into IIS, which is currently the fastest platform for running PHP applications.

- FastCGI/IIS7 – FastCGI is a component for IIS7 that serves up PHP content. There is an article on how to install it, and how to configure IIS to host PHP.

- Over 5000 projects on CodePlex. Over 300 with MSFT engineers contributing (yes that can be more, and should be, and will be!)


There are plenty of other announcements that we aren’t ready to go public with yet.

The message is clear. We want our platform to be the best for you, regardless of what tools and frameworks you use to change the world. We are working hard to make this happen, and are actively embracing the open source world. It takes time to turn a battleship though, but I have met the people leading this charge, and I have faith they will do it. It will take more than just this small team. All of us need to work hard to understand the open source community, from their perspective, and learn how we can work together.

Babbage Simmel’s Summer Technology Conference 2008

Labels: ,

A local training partner, Babbage Simmel is putting on a summer conference in Columbus. All of the speakers are from Microsoft, including Mark Harris, Luis Gonzalez, and Bill Steele. Details below.

August 21st and 22nd

Free hands-on labs, Special presentations, Giveaways, Lunch provided!

Babbage Simmel is inviting you to come and experience the latest in Microsoft technologies: Windows Server 2008, SQL Server 2008, and Visual Studio 2008. One full day complete with hands-on labs, technical demos, and presentations by Microsoft and Babbage Simmel, August 21st or 22ndYou Choose! Come find out how you can leverage these products to solve your toughest challenges and reach some of your greatest opportunities.

Event schedule includes:

· Seminars on the upcoming training offerings and certifications for Windows Server 2008, Visual Studio 2008, and SQL Server 2008

· The newest Hands-on labs and First Looks for Windows Server 2008, Visual Studio 2008, and SQL Server 2008 – running all day at your own pace

· Discussion time with and presentations by Babbage Simmel and Microsoft representatives on Windows Server 2008, Visual Studio 2008, and SQL Server 2008

· Time to network with industry peers

· Vendor tables and giveaways!!!

· Lunch and beverages provided both days

Babbage Simmel Seminar Series

Day 1 – Thursday August 21, 2008

  • Server Core, Security Improvements, NAP
  • IP V6, Virtual Server 2008/Hyper V, Terminal Server
  • VS.NET and 3.5 .NET Framework
  • Developing applications with Visual Studio 2008 and .NET Framework 3.5 Service Pack 1
  • WPF, Demystifying WPF 
  • The New Generation of Microsoft Certifications 
  • Lunch will be provided free of charge.

Day 2 – Friday August 22, 2008

  • Server Core, Security Improvements, NAP
  • IP V6, Virtual Server 2008/Hyper V, Terminal Server
  • SQL Server 2008 Overview
  • What’s New in SQL Server 2008
  • VS.NET and 3.5 .NET Framework
  • Developing applications with Visual Studio 2008 and .NET Framework 3.5 Service Pack 1
  • Application Security with Vista
  • The New Generation of Microsoft Certifications 
  • Lunch will be provided free of charge.


Space is limited and seats sell out fast, so be sure to register today! 

Register here: Babbage Simmel Summer Technology Conference 2008

Featured Products/Topics: Microsoft Windows Server 2008, Microsoft Visual Studio 2008, Microsoft SQL Server 2008

Recommended Audiences: Technology Executives, IT Managers, IT Professionals, Business Executives, Vice Presidents, CEO, CIO, COO, CTO, IT Directors, Administrators, Solution Architects, Software Developers, Business Decision Maker, Technical Decision Makers, Developers

Enterprise Applications can have great UX


We often think that Enterprise applications are boring WIMP (windows, icons, menus, pointers) style apps and that there is little to no value to having a compelling UX. Sometimes we do this because we can’t sell a better UX to the business customer. Sometimes it’s because this seems easier for us as the developer. Sometimes it’s because someone thinks that it is such a small app, that it doesn’t matter. (If it is so small, and matters not, why invest the time and money to build and maintain it?)

UX is as much of the architects job as anyone else’s. It needs to be part of your project plan and system architecture. Having good UX in the presentation layer is like having a well factored class structure in the business tier.

There is just this lack of compelling UX in the business/enterprise application world. The problem is not the argument about why UX is important, but great samples of real enterprise applications that show how effective great UX can be. While there are many benefits to the business, working with a well designed UX can really re-motivate a tired enterprise developer as well. Nothing like a new shade of gray to motivate you in the morning.

dnrTV just aired an episode with Billy Hollis talking about current project. I stopped watching/listening to DNR a while ago, mostly out of apathy. This episode got me watching again.

He shows an enterprise application his customer has built using WPF. He does a walk through of the application, and then eventually walks through some sample code. He proves that you don’t have to have a designer (although that can really help!). He built this app with a team of three, so you don’t have to have a big team either.

The one thing you need? Enough energy to get out of the rut, and stop making carbon-copy-boring-high-friction-developer-first-user-second-battleship-gray-ware(tm).

It’s amazing what you can do with a list in WPF.  The animated sticky notes on the side? A list with some styles. Check out this episode.

Do your applications have this good of a UX? Why not? WPF makes it crazy easy.

I Solve Problems in the Shower


I like to solve problems. It’s in my blood. I have a feeling if you are in this industry, it’s in your blood too. I think this is why I was drawn to Math and Physics growing up, and ended up studying them in college (along with CompSci of course). I think this is also why I like the type of games that I like to play. RPG’s, and RTS’s tend to be problem solving type games. Think of the missions you are assigned, or Civilization and SimCity. Those are problem simulators. Anyway…

When a problem gets in my head, I can’t shake it. There are times when I will hit a roadblock for days. One of my strategies is to take a break from the problem, get my mind off it. When I come back to the problem I usually have some fresh ideas on how to approach it. The time off gives me the ability to come back with a different perspective on the problem. That's why, when meeting with customers, I like to give some initial feedback, and then spend a day or two digesting what we talked about. This time gives me the perspective to give the best feedback I can.

Another approach I use is to list out all of the possible solutions on a whiteboard, aka Solo Brainstorming. This helps me get my thoughts together, gets some kinetics into the equation (Brain mapping software doesn’t seem to work for me in this scenario). The ideas seem to build on each other, and it makes for an easy ‘rule out the crap' process as well.

But my best solutions to problems, the biggest breakthroughs I have are always in the shower. I don’t know why. I think the isolation, the removal of distractions maybe? Anyway, that's where my best thinking happens.

There were many times when I would go into work, and start out with :

“I was thinking about you in the shower this morning, and I think we should …”

As part of keeping my problem solving skills fresh, I thought I would take a crack at the www.projecteurler.net problems. I got to the seventh problem in a few hours. One of the problems, #3, is stated:

The prime factors of 13195 are 5, 7, 13 and 29.

What is the largest prime factor of the number 600851475143 ?

Side note: At one point I had to refactor my code from int to Int64 because of the size of the number. I should have seen that in the first place.

At the surface, the algorithm to use is straight forward. Find the factors for the number, then determine which of those is prime, then determine the largest one of those. This is of course a brute force solution. We often just use brute force because cpu’s and RAM are so cheap today.

While the first order goal of the problems on the list is to solve them, your code is also expected to solve them in a minute. You don’t upload your code, you just type in the final answer. People post their code in the forum dedicated to each problem. Many people use assembly. Brings me back to the college days.

My first cut at the code took a while to calculate this, as a matter of fact, a whole conference call on the upcoming fiscal year.

While I didn’t use a timer, I think I didn’t make the one minute mark.

My process for finding factors was as tight as it could be. Finding primes is a brute force thing, there isn’t a formula that will tell you the nth prime number. That’s why there are those distributed computing screen savers out there.

I considered using the concurrency framework to split the work across my cores. But that would be a new fx to learn, and I wasn’t sure it would help.

So I started my isPrime loop at the top of list! While there were hundreds of factors, and only a few of them were primes, I figured the largest prime factor was likely to be found on the upper end of the list.

Didn’t help, time wise at least.

So I took a shower (advantage of working from home). By the end, I had come up with ways of speeding up the process.

I recalled that there were better ways for testing the primality of a number besides making sure it didn’t have any other divisors besides 1 and n. This lead to finding out a different way of approaching the problem. I looked up the math, and implemented the code. It was done in only a few minutes.

You basically divide the number by primes until you have nothing left. Track the primes you used, and the answer is the largest one in the list. This is an inversion of the original approach. Why find all of the factors? Just test each prime that is less than the target number to see if it is a factor. Then, instead of testing hundreds of numbers for primality, I am only checking a few numbers.

I had an isPrime method.I did need to write a new helper method. I implemented a nextPrime method, that given any number, finds the next largest number that is a prime. I implemented a few optimizations here as well. For example, not checking even numbers past two.

I am sure I could tighten this code further, but it is ‘MeWare’, and I wanted to move on to the next problem.

I love solving problems.

private void button1_Click(object sender, RoutedEventArgs e)
List<Int64> answers = new List<Int64>();

Int64 remaining = Convert.ToInt64(textBox1.Text);
Int64 divisor = 2;

while (remaining > 3)
if (remaining % divisor == 0)
remaining = remaining / divisor;
divisor = nextPrime(divisor);


public static Int64 nextPrime(Int64 start)
Int64 numToCheck = 0;

if (start > 2)
if (start % 2 == 0)
numToCheck = start + 2;
numToCheck = start + 1;
numToCheck = 3;

while (!isPrime(numToCheck))

return numToCheck--;

public static bool isPrime(Int64 target)
// assumes target is > 2. I know, but it’s meware.

            if (target % 2 == 0)
return false;

for (Int64 i = 3; i < target; i=i+2)
if (target % i == 0)
return false;

return true;

Improving Web Services Security (Beta)

Labels: ,

The patterns and practices team at Microsoft has been releasing beta’s of their new guide, ‘Improving Web Services Security.’

If you are a lead developer, or architect, and are working with web services (of any platform, but especially WCF) this should be required reading.

The guide does a great job first covering what you should care about, and look for with regards to security when designing web services.

The first section covers the fundamentals really well. What the threats are, and the related countermeasures. Don’t think that because your service in ‘internal’, and only called by consumers you provision that security isn’t important.

As each section delves into it’s topic, it relates back to a ‘Web Services Security Frame.’ This frame lists the different aspects you need to take into account as an architect for each component of what you are building.

I will list them here, so you get a sense for what they are covering:


Auditing and Logging
Auditing and logging refers to how security-related events are recorded, monitored, and audited.

Authentication is the process where an entity proves the identity of another entity, typically through credentials, such as a user name and password.

Authorization is how your service provides access controls for resources and operations.

Configuration Management
Configuration management refers to how your service handles database connections, administration and other configuration settings.

Exception Management
Exception management refers to how you handle exceptions within your application, including fault contracts.

Impersonation and delegation refers to how your service impersonates users and passes identity information downstream for authorization purposes.

Message Encryption
Message encryption refers to protecting a message by converting the contents to cipher-text using cryptographic methods.

Message Replay Detection
Message replay detection refers to identifying and rejecting messages that are re-submitted.

Message Signing
Message signing refers to signing a message with a digital signature using cryptographic methods, to confirm the source of the message and detect if the contents have been tampered with (i.e. authentication and integrity of the message.)

Message Validation
Message validation refers to how you verify the message payload against schema, as well as message size, content and character sets. This includes how your service filters, scrubs and rejects input and output before additional processing. Input and output includes input from clients consuming the service as well as file-system input, as well as input from network resources, such as databases. Output typically includes the return values from your service or disk / database writes among others.

Sensitive Data
Sensitive data includes data integrity and confidentiality of your user and application data that you need to protect. This includes how you protect sensitive data from being stolen from memory, from configuration files or when transmitted over the network.

Session Management
A session refers to a series of related interactions between a client and your service.


A guide on web service security can scare people away. Your first thought is that it is a boring topic, with lots of details to slog through. Many security books I read just cover principles, and never give actual guidance. The guide finally comes through.

It’s also nice to see that some of the architecture I have used in the past fits some of the patterns included.

One section I will call out as an example, is in Chapter 07, Message and Transport Security.

It explains the differences (and pros/cons) of transport versus message security. What I like is that they provide some concrete guidance. For example,

Use transport security in the following scenarios:
• You are sending a message directly from your application to a WCF service and the message will not be routed through intermediate systems.
• Both the service and the client are located in an intranet.
Using transport security offers the following advantages:
• It provides interoperability, meaning that communicating parties do not need to understand WS-Security specifications.
• It may result in better performance.
• Hardware accelerators can be used to further improve the performance.
Using transport security has the following disadvantages:
• Security is applied on a point-to-point basis, with no provision for multiple hops or routing through intermediate application nodes.
• It supports a limited set of credentials and claims compared to message security.
• It is transport-dependent upon the underlying platform, transport mechanism, and security service provider, such as NTLM or Kerberos.

Chapter 05, Client Authentication and Service Authentication, covers a topic that I often get questions on. Namely, what pattern should an architect use regarding authentication and identity across the service boundaries. This guide covers the options, explains them well (with pictures!), and gives you the information you need to make the decision that is right for your project.

Many guides merely do an MSDN style breakdown of the options. An explanation without providing value. For example, sample code that breaks all best practices. In this guide, it explains an option, then tells you not to use it. I love it! Example:

Authentication Options with Message Security
The following authentication options are available when using message security:
None. When using this option, the WCF service does not authenticate the callers. This is not the recommended option from a security perspective – avoid using this option wherever possible.

Anyway, if you have ANYTHING to do with web services or WCF, this is a must read. I find the web version easier to navigate and read than the PDF version.