Dan Griffin's Blog

Comments on security, PKI, smart cards, cryptography, and entrepreneurship.

New Sample Code Projects

January 22, 2009

Introduction

I’m happy to announce that JW Secure is writing a few new sample code projects for Microsoft. The goal of these projects is to provide timely and useful information to line-of-business (LOB) developers who write code for Windows.

We’re taking a novel approach to preparing and delivering this content. Specifically, each project will include the following resources:

  1. Sample code: This includes the full code and Visual Studio solution files required to build each project.
  2. CodePlex site: The development and release for each project will be driven entirely from CodePlex. We’ll be seeking community interaction in the form of questions, comments, feature requests, bug reports, etc. via the CodePlex Discussion and Feature Tracker pages.
  3. Architectural whitepaper: An article that gives an overview of the project and includes diagrams.
  4. Developer’s blog: A blog kept by the author of the sample, discussing the tradeoffs and learning encountered while writing it.

Why will be providing all of those resources? Because we recognize that different people learn in different ways. Some people, when learning a new technology, like to just dig in and read code, and only read documentation when they’re absolutely stuck! Other people like the MSDN magazine model: you read a textual introduction to the technology and code sample, and then if you’re interested, you download and run the sample. If you’re still interested, you modify the sample and go from there.

In any case, software development is all about learning. And there’s a lot of learning that goes on when researching new technologies and writing new code samples. There are design tradeoffs even in the smallest piece of code, and there will inevitably be “dead ends” as well - that is, a direction or approach that just didn’t work out.

One thing that differentiates senior developers from junior ones is knowing how to make those design tradeoffs, and how to recognize dead ends, even in the context of a new technology. That knowledge comes from hands-on experience, but it can be documented and taught as well.

That’s where CodePlex and the developer’s blog come in. CodePlex is convenient for this because of its Discussion and Feature Tracker features, in addition to its built-in publicly-accessible source control. The blog will, I hope, give us a peak into the developer’s brain (ew!). Plus, the blog posts will be tagged for each project, so that at the end you’ll be able to view all of the posts for each project in sequence.

Blogging

Speaking of blog tagging, the tag “Samples 2009″ will be applied to all posts (including this one) relating to this effort overall. Blog posts relating to the individual projects will use that tag plus another per-project tag. I’ll provide the per-project tag when I post about the separate projects. Those posts will also include pointers to the CodePlex sites.

Design

One final point about what we hope to accomplish with these projects. LOB developers frequently get left behind when it comes to having the tools, training, and budget to create software that not only gets the job done, but also has an attractive and professional-looking user interface. There are several good reasons for this, including prioritization of development effort and budget, as well as lower expectations among consumers of business software, especially when it comes to internal tools.

Those expectations are changing, however. Ten years ago, an enterprise software package for the Windows system administrator would have been expected to include an MMC (Microsoft Management Console) snap-in. Now, as often as not, that management interface is exposed via the browser. The proliferation of Web 2.0 sites and reusable design toolkits is raising the bar on browser-based user interfaces.

How should LOB developers meet those changing expectations, especially in light of the aforementioned budgetary constraints placed on graphic design, as well as the fact that there are some operations that just shouldn’t (for security reasons) be exposed via the browser? Well, there are times when the MMC snap-in is still the way to go. And there are times when other non-browser, Win32 graphical technologies such as MFC (Microsoft Foundation Classes) are most appropriate, especially when it comes to prototyping.

But the future is in technologies such as WPF (Windows Presentation Foundation) and Silverlight: they’re more interoperable, reusable, cross-platform, and offer better separation between design and development. And, importantly for the LOB developer, WPF offers native Win32 execution and browser-like rendering capabilities without having to expose dangerous capabilities in the form of a browser object (such as an ActiveX control).

In light of this, for each of these samples, we’ll be providing a professionally designed WPF client. The hope is that LOB developers can adapt and extend these interfaces for their own purposes, and that next time they prepare a demonstration of a new internal application for their managers or users, the response will be, “Wow!”

Permalink |

2 Comments »

  1. [...] introduced the “Samples 2009″ project series in this post. This - Web Password Storage (WPS) - is the first project of the series. An introduction to WPS, [...]

    Pingback by Dan Griffin’s Blog » The Web Password Storage Project — January 22, 2009 @ 8:33 pm

  2. [...] Purchase Order System (SPOS) is the next project in the “Samples 2009” series introduced in this post. In brief, the purpose of SPOS is to showcase the use of the biometrics features of Windows 7 for [...]

    Pingback by Dan Griffin’s Blog » The Secure Purchase Order System Project — January 26, 2009 @ 6:12 pm

RSS feed for comments on this post. TrackBack URL

Leave a comment