This was somewhat annoying.

Regular expressions are one huge area where I know absolutely nothing.  I used to get by in my unix days with stuff like "find . -name *fork* -ls {} " but that's about it.  Tonight I was working on a toy website and got my PasswordRegularExpression right in my <asp:CreateUserWizard/>, however it would still complain about the password.  As it turns out the AspMembershipProvider can specify its own password requirements which trump what you put in your Controls.  Clear as mud.  You can see this in machine.config and override it in your own app if you please:

<membership>

<providers>

<clear/>

<add name="AspNetSqlMembershipProvider"

type="System.Web.Security.SqlMembershipProvider, System.Web, Version=2.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a"

connectionStringName="LocalSqlServer"

enablePasswordRetrieval="false"

enablePasswordReset="true"

requiresQuestionAndAnswer="true"

applicationName="/"

requiresUniqueEmail="false"

passwordFormat="Hashed"

maxInvalidPasswordAttempts="5"

minRequiredPasswordLength="5"

minRequiredNonalphanumericCharacters="0"

passwordAttemptWindow="10"

passwordStrengthRegularExpression="" />

</providers>

</membership>

Seems somewhat annoying for "configurable things that are there to save me time."

Also, I must get a regex book immediately as my lack of knowledge on this topic wasted all of my playtime tonight.

This is a follow up to my previous post.  After today, I have a small distant idea of how NASA must feel when a "trivial" item causes a big problem.  My trucks in Detroit were having issues today, and long support calls were getting me nowhere.  I finally came around to thinking that our data synchronization is time-based (rather than GUID based like Merge Replication) and wondered if I had not setup the Detroit units properly.  All times are convered to UTC on the units so there is no hoo-ha for trucks outside of good ole  GMT - 6 where the server lives, and on my checklist for building new handhelds is a bullet point "Verify time zone".  I did this however forgot to verify Time as well so my units had GMT -5 but the hour set to the same hour as current local time.  A small thing caused a very big SNAFU today.  Obviously I can't trust truck drivers (nor myself, clearly) to not screw up the time on the units and I should automate the system time from the backend.  Things like time-zones for nation-wide deployments will play a larger role in my testing strategy in the future...

One of the cool aspects of doing Mobile systems is that you often get to do a different kind of programming.  There are plenty of business problems to solve with ASP.NET and SQL but I've recently had a very cool opportunity.

A local company is in the fleet fueling business, this means if you are, say, FedEx in Atlanta, they bring fuel trucks around to your lot at night and re-fuel all your Coca Cola delivery trucks.  The fuel is dispensed using control systems in the truck comprised of fuel meters, printers, and other devices.  As you can imagine with oil-based products being very expensive right now, there are a lot of fraud-prevention mechanisms and business rules related to fuel pricing.  I recently completed, and am now supporting in Production, a new Compact Framework based application that controls the control systems on the truck.  There were many cool-yet-annoying requirements on this effort that forced me to defend-or-change some of my software engineering practices: they system has to talk to several different brands of fuel meters to record gallons, meter totalizers, preset delivery amounts, etc.  Each manufacturer has its own protocol and there are no well published APIs or Web Services: binary hex instead.  We also could not be tied to any specific make/model for any of our other hardware: PDAs, wireless to serial bridges, port replicators, CDMA modems, mobile printers.  Supporting Windows Mobile 2003 and raw CE.NET 4.2 on the same codebase along with 4 different flavors of different OEMs' barcode scanners, cold boot procedures, and WiFi registry settings was also a "Lesson in configurability".

Here's a shot of my oh-so-clean and ergonomic development environment with various handheld units:

The most excellent part of this system was interacting with the hardware on a real truck once everything was working.  One great thing about being a developer is changing code and then seeing it dance on the screen; pressing a button to calibrate a Fuel Meter, writing exception handling code that tells hardware to reboot itself, scanning a barcode and then watching Low Sulpher Diesel flow out of a real truck at a pre-determined flow rate, now that's fun, and realy damn cool. I recall a conversation with one great architect who was telling me about his experiences with writing warehouse control code many years ago.  He said words to the effect of "Design and testing take on new meaning when a 'bug' results in boxes piling up somewhere or flying off the end of a conveyor belt with nothing there to catch them."  Working in the hardware world occasionally helps make code and the things the code does more real.  If you ever get a chance to work with a hardware system, don't pass it up, you'll probably be thinking and talking about it for a long time.  I'll never forget my first hardware control system experience working for a local manufacturer.  We had a large "test bench" setup so that we could watch lights blink.  One aspect of the software we wrote was the notion of an Alarm that would occur on a client application if hardware operating parameters were outside norms.  The canonical alarm example was that a processor could overheat.  While we stood around deciding how we could accurately test a real alarm situation, one of the testers pried the heatsync off of said processor with a pocketknife to create the alarm state.  Contrast that with the types of testing we normally see on projects, "If I leave this field blank, it doesn't save" and things like that.

Speaking of test benches, here is a shot of some of my test hardware:

All in all, this is one of the coolest projects I've gotten to work on.  I'll ask for permission to post pictures of the actual fuel trucks. Now I just have to convince them to upgrade to CF2 and SQL Mobile...

Clemens Vasters has posted an interesting article about O/R mapping.  I can admit that I am one of those people who is drawn to the beauty of an O/R abstraction, and have been since first experimenting with Jasmine and PostgreSQL years ago, and the ideas are obviously much older than that.

After exploring my own O/R implementation I must admit that there are problems with the "aesthetics of the abstraction" as well.  You are seldom working with a fully populated domain model, and lazy loading and the like carries with it its own trade offs.  I'm a bigger fan of Code Generation than pure OR mapping these days.  At any rate, read the article if you are interested in O/R mapping

I personally feel that a good debugger and ability to debug is one of a programmer's best friends.  This includes debugging onto Windows Mobile devices via ActiveSync.

Recently one of my clients got Windows Mobile 2005 on some devices we ordered.  I set about making sure our application would run properly on it. This application happens to communicate over a wireless network with several different pieces of hardware using various proprietery protocols.  I have gotten used to cradling the device, starting a new debug session in Visual Studio and watching bytes flow back and forth over sockets with the wireless connection.  This new gem we received (A Symbol MC9090 with 625mhz Xscale) insisted on shutting down the wireless card whenever the device was cradled.  This makes it hard to communicate with my hardware, which is seperated from the corporate network and on its own WLAN for very good reasons.  Assuming this was a setting I could change, I contacted their support and got the following disheartening response:

I also found some MSDN articles alluding to Microsoft's claims that "some of their Enterprise customers" had asked for this feature for security reasons.  I have trouble imagining what type of customer asked for this change, but so be it.  It seems ludicrous that this is not a developer-overridable item.  There do look to be some hoops one can jump through (if one is very nimble) to get debugging over WiFi to work on CE5 based devices.  I could also ruin my test environment by putting it on the corporate network, or get cozy with platform bulider and try to make an OS image that does what I want just for testing.

The developer story for Mobile and Embedded systems could still use some work.

optionsScalper will be giving what is sure to be an interesting presentation on F#.NET at the Wisconsin .NET user's group tomorrow.  optionsScalper has a very serious math background, a scientific mind, and an excellent singing voice.   I like to think of him as someone who's putting the Science back in Computer Science.

He has piqued my interest in F# so I hope to have it installed and working before the presentation so I can follow along.  I won't attempt to describe F# until I've written some, suffice to say it is a different programming model than the stack-based imperative languages most of us are familiar with and thus presents a paradigm that is much more friendly to certain types of problem solving.

I have a small web site I was looking into converting to ASP.NET 2.0 for various reasons *cough resume cough couh* however due to environmental restrictions (corporate politics, not EPA) I have to use MySQL as the data store, and there is an existing schema which is absolutely nothing like the schema the default ASP providers use.  This provided the perfect excuse to dig into some internals and see about providing some Providers. 

Why would one go through the trouble of implementing these interfaces?  First, as you'll see, its pretty easy.  Second, by doing this you can still use all the great plumbing for role-based security and the "Login" and "User" family of controls that ship with ASP 2.  By looking through my machine.config I can see that I'll need to create and configure instances of two abstract classes: System.Web.Security.MembershipProvider and System.Web.Security.RoleProvider.   There are some intermediate classes you could choose to inherit from like SqlMembershipProvider that might save you some time but in my case it seemed quick enough to start at the base class.  Intellisense and the compiler will tell you what methods you need to override.  For example, MembershipProvider requires an implementation for ValidateUser such as:

public override bool ValidateUser(string username, string password)
{
bool valid = false;
EmployeeDataAccess dao = new EmployeeDataAccess();
Employee e = dao.FindByLoginAndPassword(username, password);
...

Simple enough.  If you decide to do this, you may wish to set some breakpoints in methods like RoleProvider.GetRolesForUser and run through your app. 

public override string[] GetRolesForUser(string username)
{
SecurityDataAccess dao = new SecurityDataAccess();
List<string> roles = dao.GetRolesForUser(username);
return roles.ToArray();
}

In my case there is a small performance hit for running this method.  ASP calls this method to validate your access to pages, proces any LoginView controls trim asp:Menu items if you have securityTrimming enabled, and user code could always call Page.User.IsUserInRole("");   sliding expiration in the ASP.NET cache is a good idea here.  Finally, you just need to tell your web application to use your custom providers.  Supposing my security data store is called "IDMS" and my classes are named accordingly, here are my web.config settings:

<membership defaultProvider="IDMSMembershipProvider">

<providers>

<add name="IDMSMembershipProvider"

type="IDMSMembershipProvider"

requiresQuestionAndAnswer="false"/>

</providers>

</membership>

<roleManager enabled="true" defaultProvider="IDMSRoleProvider">

<providers >

<clear/>

<add name="IDMSRoleProvider" type="IDMSRoleProvider" />

</providers>

</roleManager>

So, as you can see, its easy to implement classes to plug into Asp.NET security.

http://www.wi-ineta.org/DesktopDefault.aspx?tabid=89

A former client called me today to ask if I knew anyone with X,Y,Z skills who was looking for a work.  They weren't interested in consultants at this point so I said I didn't off-hand and directed them to the Wisconsin .NET user's group job board at the above URL.  Note that none of these are entry-level jobs that I can tell.  Employers: you are burning the future to stay warm.  You are assuming someone else will do you the favor of training the recent grad and you can scoop them up when they're no longer green.  Everyone else is making the same assumption and the symptom is kids not going into CS related degree programs.  The result is the President noting in his state of the union address that congress needs to let us import "smart folks" for "Jobs that are having trouble being filled here."