Without writing a single line of code

There has been a recent influx of simplified integrated development environments in a number of environments.  The goal of these IDEs is to make it possible for Line Of Business users (LOBs) to build data driven applications easily and simply.  This is an admirable goal, but there are a few problems.  For some reason, even though the problems recur again and again, the same mistakes are being made.

First is the assumption of the needs of the user.  In a boxed IDE like Microsoft Access or the new LightSwitch, the user only has the tools that are given to them.  The moment that the requirements change, a black box is introduced.  Sure, you can build a custom control to show the Flash ad in your advertising management application, but the moment that a code change needs to be made, when a Flash version changes or whatnot, the dev can't be found, the control isn't in TFS, no one knows how to fix it, what language it is in, or anything.  The whole app goes down the tubes because one custom component was lost.

Second is application lifecycle.  Applications like LightSnack ... er ... LightBeer ... uh ... LightSwitch have a short shelf life.  Need an example?  InfoPath.  A number of companies bet the farm on InfoPath.  Where are those apps now?  The bit bucket.  Yes, I know InfoPath is still around, but it isn't an effective technology anymore.  Do you really want to bank on the existence of LightSwitch in two years, much less twenty?  I don't.  Sure, you can 'graduate' the code base to Visual Studio, but how does that code look?  How about when a VS upgrade comes around?  Will it hold together then?  And I am not picking on LightSwitch - Access has all the same problems.  I recently spent weeks at the Ohio Department of Health upgrading an Access 2003 application to Access 2007 when 2010 was already out.  Shelf life of a tightly integrated IDE has to be taken into account.

Third is the famous "Just because you can doesn't mean you should."  You can't build EBay in WebMatrix (or even the Original Web Matrix), but it doesn't keep people from trying.  Then when the business is depending on it, the failure becomes evident through a scale problem or a requirements or scope shift, and then the 'fix' becomes an emergency.  This is just not a good idea, but it seems that no one will take a moment and consider the implications either when building the IDE or planning the applications.

Finally, this flies in the face of every architectural best practice out there.  Here.  Take my data and just write something in some generic tool to edit it.  What?  That's not how I want my organization to be run.  You may not edit that data without using the controls provided, I am sorry.  I don't want to have to manage 100s of little applications, built on tens of little IDEs either.  That's not how Enterprise Architecture is supposed to work.  So you think enterprises won't try and use this?  See point three above.  If they can they will. (hat tip to @srkirkland)

Unlike a lot of developers, I don't have the "I'm a professional developer and I write code, so I think drag'n'drop tools suck" attitude.  I am not like that.  I am a pragmatic guy.  I use simple tools for simple organizations' simple problems all the time.  But I go in knowing that the solution has a limited lifespan.  Honestly, the tools that are coming out today won't be used like that.  They will be used like InfoPath and Access, to write LOB applications that will become essential, and then go stale and have to be rewritten in a hurry.

These kinds of IDEs lead to the kinds of practices that lead to failed IT strategies.  Consider carefully before using them.

Modeling the ‘exactly one of several collections’ case in EF and M

For a long time, I have used the ‘totally unique’ power of the Guid to design the ‘exactly one of several collections’ problem in my databases. The Zen case is that of the container in an inventory management system.  The container can be on exactly one of the collection of stores, or exactly one of the collection of trucks, or exactly one of the collection of warehouse locations.  It can’t, in any case, be in two locations, or no location.


How I usually implement this is to have a single LocationId in the Containers table that is of type GUID, and is a foreign key for the TruckId, StoreId or WarehouseLocationId.  Since Guids are globally unique I don’t have to worry about a duplication between tables.  Effectively, the Stores, Trucks and WarehouseLocations tables have an implicit uniqueness constraint, which I can enforce in code if I am getting really squirrely.
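The design above leaves the "exactly one location" rule to convention, because one column cannot carry a declared foreign key to three tables. As an added example (not code from the original post), this sketch enforces it with triggers, using SQLite from Python as a stand-in for SQL Server; the AllLocations view, the trigger names and the sample rows are assumptions, and the location tables are trimmed to their key columns.

```python
import sqlite3
import uuid

# Table name -> GUID key column (names from the post; other columns omitted).
LOCATION_TABLES = {"Stores": "StoreId", "Trucks": "TruckId",
                   "WarehouseLocations": "WarehouseLocationID"}

def build_db():
    conn = sqlite3.connect(":memory:")
    ddl = [f"CREATE TABLE {t} ({k} TEXT PRIMARY KEY);" for t, k in LOCATION_TABLES.items()]
    ddl.append("CREATE TABLE Containers (ContainerId TEXT PRIMARY KEY,"
               " LocationId TEXT NOT NULL, Description TEXT);")
    # Hypothetical view: every GUID that may appear in Containers.LocationId.
    union = " UNION ALL ".join(
        f"SELECT {k} AS LocationId FROM {t}" for t, k in LOCATION_TABLES.items())
    ddl.append(f"CREATE VIEW AllLocations AS {union};")
    # A container must point at exactly one existing location.
    for event in ("INSERT", "UPDATE OF LocationId"):
        ddl.append(f"""
        CREATE TRIGGER Containers_{event.split()[0]} BEFORE {event} ON Containers
        BEGIN
            SELECT RAISE(ABORT, 'LocationId must match exactly one location')
            WHERE (SELECT COUNT(*) FROM AllLocations
                   WHERE LocationId = NEW.LocationId) <> 1;
        END;""")
    for t, k in LOCATION_TABLES.items():
        # Make the implicit cross-table uniqueness explicit; protect used locations.
        ddl.append(f"""
        CREATE TRIGGER {t}_unique BEFORE INSERT ON {t}
        BEGIN
            SELECT RAISE(ABORT, 'GUID already used by another location')
            WHERE EXISTS (SELECT 1 FROM AllLocations WHERE LocationId = NEW.{k});
        END;
        CREATE TRIGGER {t}_in_use BEFORE DELETE ON {t}
        BEGIN
            SELECT RAISE(ABORT, 'location still holds containers')
            WHERE EXISTS (SELECT 1 FROM Containers WHERE LocationId = OLD.{k});
        END;""")
    conn.executescript("\n".join(ddl))
    return conn

def try_sql(conn, sql, params=()):
    # Run one statement; return 'ok' or the trigger's rejection message.
    try:
        with conn:
            conn.execute(sql, params)
        return "ok"
    except sqlite3.IntegrityError as exc:
        return str(exc)

def demo():
    conn = build_db()
    store, truck, nowhere = (str(uuid.uuid4()) for _ in range(3))  # constructed GUIDs
    return [
        try_sql(conn, "INSERT INTO Stores VALUES (?)", (store,)),
        try_sql(conn, "INSERT INTO Trucks VALUES (?)", (truck,)),
        try_sql(conn, "INSERT INTO Trucks VALUES (?)", (store,)),  # GUID reuse
        try_sql(conn, "INSERT INTO Containers VALUES ('c1', ?, 'pallet')", (store,)),
        try_sql(conn, "INSERT INTO Containers VALUES ('c2', ?, 'crate')", (nowhere,)),  # orphan
        try_sql(conn, "UPDATE Containers SET LocationId = ? WHERE ContainerId = 'c1'", (truck,)),
        try_sql(conn, "DELETE FROM Trucks WHERE TruckId = ?", (truck,)),  # still in use
    ]

if __name__ == "__main__":
    print("\n".join(demo()))
```

The same three checks map to INSTEAD OF or AFTER triggers on SQL Server; what matters is that orphaned, duplicated and dangling LocationId values are rejected by the database rather than by each application that touches it.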

I was pleased to see that Entity Framework 4 handles this well.   A “Model from Database” command puts up an entity model that looks strikingly like our domain model diagram.



All I have to do here is alter the navigation properties to show a single location that passes back either a store, truck or warehouse location, based on maybe a simple Location interface.  Good enough.

Where I was curious is in learning how M will handle this design.  As it turns out, not as well. I ran the “Model from Database” and got this:

module dbo
    export WarehouseLocations, Stores, Containers, Trucks;
    WarehouseLocations : {({
        WarehouseLocationID : Guid;
        Aisle : Integer32;
        Shelf : Integer32;
    } where identity WarehouseLocationID)*};
    Stores : {({
        StoreId : Guid;
        StoreNumber : Text where value.Count() <= 16;
    } where identity StoreId)*};
    Containers : {({
        LocationId : {
            StoreId : Guid;
            StoreNumber : Text where value.Count() <= 16;
        } where value in Stores;
        ContainerId : Guid;
        Description : Text where value.Count() <= 128;
    } where identity ContainerId)*};
    Trucks : {({
        TruckId : Guid;
        VehicleCode : Text where value.Count() <= 16;
    } where identity TruckId)*};

Yeah, that wasn’t what I was looking for.  Somehow, the members of Store ended up as values of LocationID as an entity …. meh.  It’s CTP software, but it is worthwhile analysis.  Perhaps I’ll dig in and see if I can figure out how M came up with this after the weekend.

VS 2010 Tip: Select error dialog contents


Back in March when I was testing VS2010’s final versions, I tried to get the contents of a dialog box in order to look up an error.  It’s a small thing, but you can’t copy the contents of dialog boxes any more with the mouse.  I was bummed, so I submitted a Connect ticket:

“It is not possible to select the text in most dialog boxes generated for Visual Studio exceptions. For instance, when attempting to change the network mix in Web Load Tests, the dialog box refers you to a URL at go.microsoft.com for details on administration privileges required. However, it is not possible to select the URL and paste it into a browser.”

As I expected, I was told to go away, they were in RC and weren’t going to add a feature now.  That’s cool.

However, I just got an email from Neelesh on the Load Test team, and he points out that:

“As a workaround you can use "Ctrl+Insert" to copy message box text, paste in notepad and select URL. Kludgy workaround, I agree.”

Kludgy or not, it works great and I’ll use it.

My day-to-day tech


Since I have been back on the consulting bandwagon, around business types and not the same people every day, I have gotten a lot of questions about the tech that I carry every day.  I promised a few people I would blog about it, so here we are.


Here is my day to day tech.

The big laptop is a Toshiba Tecra M7.  It is the best laptop I have ever owned.  It is a tablet, and generally rocks.  However, Toshiba won’t support Windows 7 on it, so it runs too hot and won’t wake up properly from hibernation.  Considering going to Windows Server.

The e-reader to its left is a nook.  The nook is the best overall e-reader on the market.  It has a soft keyboard, and flexible, Android-based display.  The whole OS and rendering system can be replaced with a Micro-SD card.  Barnes and Noble does a great job supporting it.  It might not have been ready for market when they launched it, but it was always the best out there.

Above that is my Texas Instruments Chronos ez430.  It is a programmable watch.  It has an MSP430 microprocessor, and comes with a wireless interface and pinning for a USB adapter.  You can do neat stuff like change your PowerPoint slides, or measure your sensei’s punch speed with it.

To its right is my IronKey.  This is a USB drive, 4 gig, that is waterproof and hardware encrypted.  If you fail to enter your password 10 times, it destroys itself.

Next is the Nexus One.  This is by far the best device, let alone phone, that I have ever owned.  It is an Android based slate similar in form factor to an iPhone, but I think it has a lot less suck.  (I know everyone loves the iPhone, it’s like a puppy.  I think it is unusable.)

Hmm, what’s next.  Oh, my Wand Of Business Analysis +4, otherwise known as a Livescribe pen.  Basically, everything I write on the special books that I get for it gets moved to my laptop for later analysis.  Also, everything that is said while I am writing is recorded, in time with the writing.  So if I need to know what a customer said while I drew that diagram, I just click on it and the recording starts there.

Finally, a walkman.  Yes, I said a Walkman.  It’s an 8 gig Sony Walkman MP3 player.  Why?  Lots of reasons.  I don’t like to kill my phone battery running music.  I use it as a radio.  I can feed the music to my car.  I have it sync to my desktop to get podcasts.  And it is light, cheap, and if I destroy it by accident I can get a new one with my Best Buy Silver Reward points.

So there we have it.  Years of geeky research and gadget dependency reduced to a blog post.

BigInt not recognized in an Access 2007 ADP

Anyone who has read my blog or twitter feed, or worked with me, or drank with me, or been in the same room with me for longer than ten minutes, knows that I do not approve of using Access as a business-class development platform.  The technical debt that it creates is not worth the effort, and you end up depending on a software package that is better suited to tracking your recipes than your HR paperwork.

That said, there are some solutions that are well suited for Access, and one of them is form-filling.  In this example, we have an HR department that is required to fill out a form that uses some SQL Server-accessible data, and some entered data.  The resultant paper form has to match a template exactly.

This is the kind of solution that VSTO is actually very good for now, but VSTO wasn’t a reality when the solution was developed, so I give them a break there.  Since the only other real option is to build out a full Windows application just to print one form, or to save off copies of Word documents, Access is a decent solution here.

Anyway, back to the problem at hand.  I need to add some fields.  The application is an Access 2007 ADP upgraded from Access 2003, and uses data from a SQL Server 2005 database.  I shift-double-click to enter the editing form.  As I right click on the table to enter design view, I get a surprising error:


If you can’t read that, the text says:

"Table 'table_name(dbo)' could not be loaded.

The table being loaded into memory has a user-defined data type ('bigint') that is not recognized.

Close all your open database diagram and table designer windows.  The new data type will be recognized when you re-open the diagram or table designer."

Needless to say, when I close all open windows and re-open them, the problem is still there.

So, usually when I blog about a problem, I have a cool fix.  This time, not the case.  I posted to the partner support forums and got this response:

“Based on my test, I was able to reproduce the issue on my side, if I create a table in SQL directly and open the ADP file associated with the database I see exact same error message when I try to design the table in Access.

create table a1 (id1 bigint primary key)

Also, if I try to create a new table from Access, I cannot find "bigint" in Datatype options.

It seems to be a limitation or issue in Access that it doesn't support bigint in design view though the tables work as expected in other functions.”

That’s kind of a shock: it’s actually a bug in Access 2007.

Anyway, I ended up dropping the table and re-importing from SQL Server which worked fine, BigInt and all.  I have a response in to them as far as finding a better solution, and I wonder if using an ALTER TABLE query might work.  Maybe I’ll roll back and try that.  I’ll post any update here.

SQL Modeling talk at the Central Ohio Day Of .NET

Thanks to Mike Wood and others for asking me to give my SQL Modeling talk at CODODN.  Events like CODODN are important, because they bridge the gap between local events and the larger regionals like CodeMash.  Smaller groups sometimes mean better hallway conversations and the like.  Kudos to all those who participated in getting this together.

Anyway, here is the solution (WarehouseManagementSystem.zip (2.65 mb)) from my talk.  No slides for this talk, just a little talking and a lot of coding.  Get the bits from the SQL Modeling Website, and make sure you have SQL Express 2008 installed.

 Thanks to all who attended; good questions and insight.

New lockpicking book coming out by the guy who taught me

Deviant Ollam, the guy who taught me (and Gabrielle) how to pick locks at Defcon 15, has a new book out, Practical Lock Picking: A Physical Penetration Tester's Training Guide.  I recommend that everyone get a copy, without ever having seen a page of it.  Fact is, Deviant has a passion for teaching - and not just lockpicking.  He is a wealth of information and a guru of many topics.  What's more, he is so very good at expressing them. 

Anyone who has been to Columbus L.I meetings and seen me do an intro presentation knows that I use DO's Intro to Lockpicking deck that he gives at Defcon.  His site, www.deviating.net/lockpicking, is a wealth of information.  His presence at the various hacker cons has done more to spread locksport than most.

If you have an interest in physical security, I pre-recommend this book.  Too bad Syngress did it, and I wasn't allowed to write Lockpicking for Dummies.  Oh well.

SQL Modeling at the IEEE

Thursday night I had the honor of giving my new talk “Software Modeling with ASCII, and no I’m not kidding” to the Columbus Computer society of the IEEE.  They were very welcoming and enjoyed the talk, and had a number of comments about the technology and its use.

I start the talk with what will essentially be the first chapter of Professional Software Modeling.  We cover the problems with current modeling systems, and the timeline for modeling and object/relational mapping.

The bulk of the talk is effectively a demo of deploying a database and entity classes from a simple model and then generating an ASP.NET MVC web site from the model.  It is similar to the hands-on-lab at the PDC, with the Mini Nerd Dinner.

Right off the bat, a listener pointed out that we HAVE these tools already.  Don’t we have XML?  What’s wrong with that?  Tools like WSDL and EDMX solve these problems, and are human readable! Why do we need something else?

I agreed in principle, but I pointed out that not many people think that XML is human readable any more.  The sample code was, but the 150,000 line long files that end up getting used are NOT.  Especially when there are only about 1,500 important lines in the file.

The XML is still there, I assured everyone, and the model was still in EDMX.  M is just a way to work with the model that is a little more succinct than the XML.  Additionally, I pointed out, there are more semantic pieces to M that we hadn’t gone over.  We had done the nouns, but there are verbs too, if you get my drift.

As we went over how an M model looks in the M file, and how the final database and domain classes look, someone asked the obvious question.  It’s the same question that I asked last fall.

“Great!  What do I do with an EXISTING application?”

I don’t have a good answer for that.  Would I like to be able to take an existing application’s database and look at the representative M file?  Yes.  Can I?  I am not sure I can.  That is an open question.

Honestly, I haven’t taken the time to look into the story for existing applications.  Fact is, most application development is adding features to existing applications and I don’t know how M fits into that.  If it is going to be a good modeling tool for existing applications there needs to be a reverse-engineering story, and I hope there is.  I mean, you can always make a model from an existing database, but I am not sure that is enough.

The last discussion we had was about potential.  Specifically – what is Microsoft doing to support the wide adoption of this product?  How about multiple datasources?  What if I need to model an identity system, where there is an Active Directory, an LDS and a database with identity information?  Can I model that in M?

No, I answered.  Right now M is shackled by EDMX, which really only has a provider for SQL Server and Oracle.  It is theoretically possible to enhance the M modeling superstructure to handle a multi-source database, but it isn’t done yet.

In general, everyone loved the talk, and I am looking forward to cleaning it up a bit and giving it a few more times.  Thanks to Jack Freund and the IEEE Computer Society for allowing me to speak!  Hope to see you all again sometime!

The Build Button

At Code and Coffee yesterday, Tim Wingfield suggested that I blog about my Build Button, so here it is.

A while back I got myself a Griffin Technologies PowerMate.  This device is designed as a multimedia controller.  Read: Volume knob.  It has six events:

  • Turn left
  • Turn right
  • Press
  • Press and hold
  • Press and turn left
  • Press and turn right

I left the Turn left and Turn right events as volume for Media Player, but I set Press to be <CTRL> + <SHIFT> + B

That's right, build, baby.

So, when I get to finish a method, I can just up and smack the button, and the project compiles.  It's quite an experience.  I used to have Press and hold set to <F5> but now I think I will have it run the unit tests since that is how I tend to develop these days.

Anyway, it's not a cheap thrill at $45, but I still think it is worth it.

By the by - I also have an Optimus Mini Three, which I recommend for the remarkably high geek factor.


Getting started with Identity Services

I find myself needing to write a federated identity proof of concept for a client of ICC.  I got started with three downloads:

I wanted to get a good foundation, so I started with the training kit.  As an author, I heavily recommend everyone do this.  The days when you could just jump in and start hacking are long gone.  There are frameworks on top of frameworks in today’s development environments and learning the right path is paramount.

Getting started with a lab

The lab I started with was Web Sites and Identity, because it solved the particular problem that I needed solved.  Yours might be different.  The prerequisites included:

  • Microsoft® Windows® Vista SP2 (32-bits or 64-bits) , Microsoft® Windows Server 2008 SP2 (32-bit or 64-bit), Microsoft® Windows Server 2008 R2, Microsoft® Windows® 7 RTM (32-bits or 64-bits)
  • Microsoft® Internet Information Services (IIS) 7.0
  • Microsoft® .NET Framework 3.5
  • Microsoft® Visual Studio 2008
  • Microsoft® SQL Express 2005 (or later)
  • Microsoft® Windows Identity Foundation Runtime
  • Microsoft® Windows Identity Foundation SDK

The basics needed to be present, but things like PowerShell permissions and IIS 7 configurations have built-in installers that ran easily from the dependency checker.



You are then asked to install snippets for code and XML.  I put them in the My Snippets folder for Visual Studio 2008.


After installing a few certificates, the labs were set up and ready to go.

Working the lab

In working with the lab, it seems that the setup scripts failed to supply the SSL binding for the default web site.  I learned a fix in this ScottGu post after making this post to IIS.net.

To fix it you just need to go to IIS7 and do these steps:

  1. Select the Default Web Site
  2. Click Bindings… under Edit Site on the right hand command panel
  3. Click the https binding and click the Edit… button

  4. You’ll see that SSL Cert dropdown has No Binding Selected.  Change it to STSTestCert.

  5. Click OK and Close.

That’s all there is to it.  The site will no longer give you Cannot connect errors.

Anyway, I like the lab and I like the WIF.  Generally, it has the same problem as all of the W*F patterns that Microsoft provides.  It is configuration over convention and there are SO many options that it is confusing.  WIF tries to be everything to everyone.  To find the exact situation that suits your needs will require a little digging through the lab.

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.


