No Address Bar

Did Internet Explorer 9 just innovate the browser UI? I mean, IE9 has one of the most beautiful UIs so far, it really is nice. All minimalist. Its address bar is hardly noticeable. And now, Chrome suddenly hides the address bar, and wait, what? Firefox is hiding the address bar too?

It’s been a long time (if at any time) since IE led the browser wars, but I think IE9 started this trend with the minimal address bar, no?

Why We Wouldn’t Consider Your Startup

*Warning: if you’re a .Net developer, this will piss you off…a lot.

Here’s a lovely blog post written by somebody who clearly knows nothing of what he speaks. It’s titled:

CEO Friday: Why we don’t hire .NET programmers

Living in an age where bloggers can muse on any topic for an audience of millions is great, but it’s poorly-researched, half-thought, know-nothing rants like this that really frustrate me. Don’t let the thought process get in your way, just write whatever bubbles up to the top of that otherwise empty head and hit publish.

I don’t know who the author is and I don’t care about his company, I’m just glad he wouldn’t consider me to work at his startup because of the platform I work with, the platform which he compares to McDonalds, the platform that he’s clearly unschooled on. Most .Net developers, or any developer for that matter, wouldn’t want to work for a startup with leadership as half-assed as this.

The Perils of Sample Code

As software developers, we have to learn new things all the time. New frameworks come out. Better methods rise to the top and we have to figure out how to use the latest and greatest to keep afloat. For me, that’s a large part of why I love what I do. Discovering new things is part of why I’m attracted to software development. Who doesn’t love improving a practice that’s imperfect, that keeps evolving?

Along the way, we read sample code, tutorials (tuts as they are now called), getting started pages, and we download reference applications. One thing consistently stands out to me when doing research and that’s the sample code disclaimer.

You’ve come across this before, while reading up on how to use the latest ORM: “You wouldn’t want to do this in production, but for this tutorial, this is how we’ll do it.” “Normally, you’d want to white-list this SQL call to prevent SQL injection, but let’s move on.” “You should never trust user input, so, this should be sanitized in production.”

Or, you pull down the latest version of a popular sample application only to find no unit tests. The author of the application took the time to create a README.txt explaining that under normal circumstances, you’d want to write some unit tests before pushing this to production. Thanks for the tip.

What I often wonder is, where’s the sample white-list code, input sanitizer, or how would you unit test this application before deploying to production? There are a lot of developers out there who learn by example, but when the details of the example are omitted, where do you turn? Or do you just say (like many developers do) “I’ll get to that SQL injection security later.” Or, “Yeah, I’ll write some tests after I deploy my MVP.”

In my experience, this never happens. The sample code gets borrowed, the app goes to production and the white-list is forgotten, the unit tests are on a TODO list and the earth turns another rotation. And, I’m not innocent of this charge either. We’ve all put software out there that is likely vulnerable to XSS or SQL injection and it’s not because we’re bad people, it’s because we get caught up in our work and enter a mental-ideal-world-state, where all that matters is getting this thing done now.

The code gets written, lo and behold, it works on my machine. Elation! Then, the new application gets put out there, into the wild, with all its features and flaws. Still, that TODO list goes neglected and the next thing you know, the application fails, or worse, gets hacked, all because you were caught up in the moment and delegated those omitted security tasks to a future date.

Most of us won’t experience the security exploit that our application affords. If we do, we’ve made something valuable and popular. I blame sample code, tutorials and getting started pages for some of the problems with software security and quality. If you’re going to take the time to write a tutorial, don’t shrug off the details with a disclaimer. Include some unit tests with your sample app (even just a few to get beginners moving in the right direction). How about showing just how you would white-list those POST parameters (or linking to an example)?
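As an added example (not code from any tutorial mentioned here), this is roughly what the omitted part could look like in Python with sqlite3: POST parameters checked against a white-list, values bound as query parameters, and the one thing that cannot be bound (the ORDER BY column) checked against its own white-list. The users table, its columns and the function names are assumptions made up for the illustration.

```python
import sqlite3

# Assumed for this example: a "users" table with these columns.
ALLOWED_FIELDS = {"name", "email"}          # fields a client may set via POST
SORTABLE_COLUMNS = {"id", "name", "email"}  # identifiers allowed in ORDER BY


def permit(params, allowed=ALLOWED_FIELDS):
    """Return the POST parameters only if every key is on the white-list."""
    unexpected = set(params) - allowed
    if unexpected:
        raise ValueError(f"unexpected parameters: {sorted(unexpected)}")
    missing = allowed - set(params)
    if missing:
        raise ValueError(f"missing parameters: {sorted(missing)}")
    return {key: str(value) for key, value in params.items()}


def create_user(conn, params):
    """Insert a user from POST data; values are bound, never concatenated."""
    fields = permit(params)
    cur = conn.execute(
        "INSERT INTO users (name, email) VALUES (:name, :email)", fields
    )
    return cur.lastrowid


def find_users(conn, name, order_by="id"):
    """Look up users by name, sorted by a white-listed column."""
    # Identifiers cannot be bound as parameters, so check them explicitly.
    if order_by not in SORTABLE_COLUMNS:
        raise ValueError(f"cannot sort by {order_by!r}")
    sql = (
        "SELECT id, name, email, is_admin FROM users "
        f"WHERE name = ? ORDER BY {order_by}"
    )
    return conn.execute(sql, (name,)).fetchall()


def make_db():
    """Create the in-memory sample schema used by this example."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, name TEXT NOT NULL, "
        "email TEXT NOT NULL, is_admin INTEGER NOT NULL DEFAULT 0)"
    )
    return conn
```

The unit tests that belong next to it are short: a normal insert succeeds, an extra `is_admin` field is rejected, a name containing quotes matches nothing, and an unknown sort column raises.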

My point is, there’s a lot of people out there learning how to write software, use a library/framework and they read your examples, adopt your techniques and borrow your sample code. That code will end up in a real application for better or worse, by a developer that is in The Zone, so make it more complete. I think the overall quality of software would benefit from sample code that could safely run in production. What do you think?

Guthrie Moving to Azure

If you haven’t heard, Scott Guthrie is moving to the Azure group. This could be good. Maybe he’ll help make the platform more attractive to developers. My primary gripe with Azure, on the surface anyway, is that I effectively have to become a platform expert in order to host my application in the cloud.

The “getting started” pages introduce me to a new API, including a new project template. This tells me that my application will be tightly wed to Azure and that’s bad because hosting requirements often change and freedom is good. There are also many terms to learn like Web Roles, Packages, Services and all the talk of fabric makes me wonder if we are weaving something here.

As a developer seeking cloud hosting, my requirements are simple: A command/click/action that sends my web application to a place where it becomes publicly available and expands with demand. That’s it. I don’t want to become a cloud guru and I don’t want to watch more hands on labs.

My hope is that The Gu will bring simplicity to Azure and make it a small step in producing software. Only time will tell. For now, AppHarbor already does what I want and more.

Visual Studio Dark Theme

For the first 6 or so years of my .Net development career, I used the default Visual Studio color theme. I had no interest in customizing it because I thought it worked just fine out of the box; who wants to screw with that anyway? But then, on a consulting gig, a co-worker was showing me some code he wrote, pair programming style, and he was using a dark theme.

Never mind his code, the first thing I said to him was, “what’s up with the darkness?”. He responded that he liked it better, found it easier on the eyes, and pointed me to a dark VS theme. I don’t remember what theme it was, but I remember I thought the contrast was too bright for my taste. So, I looked into finding a more mellow theme, because I couldn’t deny that a blackish background really felt better.

During the search for the best VS dark theme, I came across ZenBurn (Consolas is a superior font by the way), a variation for VS. It worked, but I soon found that it was not quite complete. For instance, the XAML colors were hideous and JavaScript was bad too.

I took this work and developed it over the years resulting in what I use daily. It’s still a work in progress, but if you use .Net for Web development and you want to try out a dark theme, profit from my labor.

Here’s a copy of my dark theme for Visual Studio (note that this does not include my XAML colors as I haven’t worked with it in quite some time and I’m too lazy to go back and fix it).

**Also, while writing this post, I found this.