Posted by Sandeep Chanda
on June 22, 2016
While there are several scenarios that may require you to run .NET code from within Node.js like- programming against a Windows specific interface or running a T-SQL query, there could be possible scenarios where you might have to execute a Node.js code from a .NET application. The most obvious one is where you have to return results from the .NET code to the calling Node script using a callback function, but there could be other possible scenarios like hybrid teams working on processes that run both Node and .NET applications. With Node.js getting a fairly large share of the server side development in recent years, the possibility of such hybrid development could become commonplace.
Edge.js really solves the problem of marshalling between .NET and Node.js (using the V8 engine and .NET CLR) thereby allowing each of these server side platforms to run in-process with one another in Windows, Linux and Mac. Edge can compile the CLR Code (it is primarily C#, but could compile any CLR supported language) and provides an asynchronous mechanism for interoperable scripts. Edge.js allows you to not only marshal data but JS proxies, specifically for .NET to the Func<object, Task<object>> delegate.
To install Edge.js in your .NET application, you can use the NuGet package.
Once you have successfully installed the package, you will see the Edge folder appearing in your solution.
You can then reference the EdgeJs namespace in your class files. The following code illustrates:
Posted by Gigi Sayfan
on June 16, 2016
In today's information-rich world, people read more than ever. We are constantly bombarded with text. Software developers, in particular, read a great deal. But, what part do books play in all this reading? Also, what is a book exactly these days?
I was always an avid reader. I read a lot in general and software development related books were my preferred channel for improving my knowledge and understanding. Back then, the Internet had barely started reaching the mainstream. Companies had libraries and developers had stacks of books on their desks with lots of post-it notes and highlighted sections. Browsing meant physically turning pages in a book. The equivalent of Stack Overflow was asking the department genius. Fast forward to the present — developers have an overwhelming number of options for accessing information — across all dimensions: programming languages, frameworks, databases and methodologies.
The pace of innovation in all of these areas seems to have increased as well. How can a developer make sense out of this abundance? Many developers give up and don't try to understand things in depth. They focus on getting the job done, following architectures and patterns designed by others, using frameworks that encapsulate many operational best practices and assembling together loosely-coupled components. When they need to address a specific problem they look for a similar project on GitHub, a Stack Overflow answer or a blog. This is not necessarily a bad thing. A small number of people write the foundational frameworks and libraries and many other people reap the benefits. This shows maturity and advances in ergonomic design. The 90's holy grail of reuse is finally here. But, that leaves software development books in an awkward position. They are not a useful medium anymore, by and large, for the majority of developers.
There are some books that communicate general concepts well, but most software development books explain how to use a particular framework or tool. Paper books are disappearing fast. Even e-books don't seem to cover these needs. In the past, books tried to keep up-to-date by releasing new versions. But, there is a new trend of "live" books that are constantly updated. This may be the future of software books, but is it really a book anymore?
Posted by Gigi Sayfan
on June 9, 2016
In Rational Tech Adoption, I discussed how to decide about whether or not to adopt new technologies. But that decision is not context-free. There is always a switching cost. If the switching cost is too high, you might forgo potentially beneficial upgrades whose benefits are less than the switching cost.
In order to benefit from new technologies, you need to build agility right into your stack. Can you easily switch your relational database from MySQL to PostgreSQL? How about from MySQL to MongoDB? Can you move from Python 2 to Python 3? How about from Python to Go? Are you running your servers on AWS? Can you move them to the Google cloud platform? How about switching to a bare metal virtual service provider? Those are not theoretical questions. If you build successful systems that accumulate a lot of users who stay around for many years, those questions will come up.
Traditionally, the answer was always, "Nope. Can't switch," and you got stuck with your initial choices or, alternatively, a super complicated project was launched to upgrade some aspect of the system. The good news is that similar to testability, performance and security, if you follow best practices such as modularity, information hiding, interaction via interfaces and build loosely coupled systems, then it will be relatively simple to replace any particular component or technology.
The stumbling block may often be your DevOps infrastructure and not the code itself. The whole notion of DevOps is still new to many organizations and there isn't much awareness regarding the need to quickly switch fundamental parts of your DevOps infrastructure. If you consider these aspects when you build your system, you'll have the chance to reap enormous benefits as your system scales and evolves.
Posted by Sandeep Chanda
on June 7, 2016
SonarQube is a popular open source platform for managing quality in the scope of an application life cycle. It covers the seven axes of quality around the source code, namely — code clones, unit testing, complexity, potential source of bugs, adherence to static rules, documentation in the form of comments, and architecture and design. The beauty of SonarQube is not only its ability to combine matrices for better correlation and analysis, but also to mix them with historical results. SonarQube is extensible using plugins and provides out-of-the-box support for multiple languages including C#. It also offers a plugin for MS Build, letting you integrate SonarQube with Team Build definitions in TFS and making code debt analysis part of your build definitions.
To configure SonarQube for TFS, first you can download SonarQube.
Next you can download the C# and MS Build plugins.
Note that you will need Java running on your system to configure and run SonarQube.
Extract the downloaded package to a local folder in your system and place the C# plugin jar file under the extensions\plugins directory. Run the StartSonar.bat file in the bin folder to start the SonarQube server. SonarQube by default runs on the 9000 port. Once the server is started you can navigate to the http://localhost:9000 url to access the SonarQube portal.
Next extract the MS Build plugin package to a local folder and verify that the sonar.host.url property in the SonarQube.Analysis.xml file has the correct SonarQube server address configured.
You are now ready to configure SonarQube analysis with your TFS Team build definition. Modify your team build definition to set the Pre-build script path under advance properties to the full path to MSBuild.SonarQube.Runner.exe file. Also set the Pre-build script arguments to contain the following four arguments:
- /k: [the project key of the SonarQube project]
- /n: [the project name]
- /v: [the project version]
Also set the Post-test script path to the full path to MSBuild.SonarQube.Runner.exe, and the Post-test script arguments to contain the argument "end".
You are all set. Once you run the build, in the build report you will see the SonarQube analysis summary and a link to see the analysis results that will direct you to the dashboard.
Posted by Sandeep Chanda
on May 27, 2016
Ever since the introduction of ASP.NET MVC and subsequently Web API, there has been some confusion brewing in the .NET Web development community in relation to the versioning practices being followed by the platform developers within the realm of ASP.NET. ASP.NET MVC and Web API spawned their versions different from ASP.NET and continued to release their own in spite of being part of ASP.NET.
Popularity of ASP.NET Forms also took a beating given the ever-increasing demand for ASP.NET MVC and Web API in building enterprise-grade Web applications. This resulted in ASP.NET MVC and Web API garnering more attention from the platform developers and ultimately resulting in them releasing more frequent versions. The release of ASP.NET 5 only added to the confusion with vNext also being a term used interchangeably.
Sometime during the beginning of this year, the ASP.NET platform development team decided to drop this nomenclature and agreed to completely rebrand ASP.NET as ASP.NET Core 1.0. This came riding quickly on the heels of rebranding .NET as .NET Core. Now it is no longer a newer version of an existing Web development framework, that is better and bigger than its predecessor. It is a completely brand new Web platform written from the ground up for .NET Core. It is actually much more lightweight than ASP.NET 4.6.
While the Core 1.0 version is not as complete as 4.6, with the release of RC2 a few weeks back, the framework is really coming close to general availability. There are significant gaps still in what 4.6 offers, and what is available in Core 1.0, but it is a unified platform, nevertheless, with MVC and Web API being part of it and not being branded as separate frameworks. This is very promising indeed!
The biggest change in RC2 is that there is a new .NET CLI, that replaces DNX- the unified .NET library for running applications in Windows, Mac, and Linux. RC2 has also updated the hosting mechanism to a console app, giving developers more flexibility in controlling the way their Core app will run and making the tool chain consistent for both .NET Core and ASP.NET Core. ASP.NET Core provides for a
WebHostBuilder class that gives you the power to configure your Web application the way you want it, including the ability to optionally host it on IIS. In addition to some groundbreaking changes, RC2 also gives you the ability to host your ASP.NET Core applications in Azure.
A paradigm shift in Web development is coming our way with ASP.NET Core, and at this point we are eagerly awaiting the RTM release!
Posted by Gigi Sayfan
on May 25, 2016
My favorite Agile methodology, Extreme Programming, has five main values: Simplicity, Communication, Feedback, Respect and Courage. The first four are relatively uncontested — everybody agrees on these four. Courage is different. Courage ostensibly flies in the face of safety, security, stability and risk mitigation. But, this is not what courage is about. Courage is actually about trust. Trust yourself, trust your team, trust your methods and trust your tools. But, trusting doesn't mean being gullible or blindly trusting things will somehow work out. Your trust must be based on solid facts, knowledge and experience. If you have never done something you can't just trust that you'll succeed. If you join a new team you can't trust them to pull through in difficult times. Once you gain trust, you can then be courageous and push the envelope knowing that if anything goes wrong you have a safety net.
When trying something new, always make sure you have plan B or a fallback. Start by asking "what if it fails?" This is not being pessimistic. This is being realistic. Sometimes, the downside is so minimal that there is no need to take any measures. If it fails, it fails and no harm done. Let's consider a concrete example: suppose you decide with your team that you need to switch to a new NoSQL database with a different API. What can go wrong? Plenty.
The new DB may have some serious problems you only detect after migration. The migration may take longer than anticipated. Major query logic may turn out to depend on special properties of the original DB. How can even think of something like that? Well, if your data access is localized to a small number of modules and if you can test the new DB side-by-side and you have a pretty good understanding of how the new DB works, then you should be confident enough to give it a go. To summarize — being courageous is not taking unacceptable risks and being impervious to failure. It is taking well-measured risks based on sound analysis of the situation and full trust that you know what to do if things go south.
Posted by Gigi Sayfan
on May 18, 2016
Software is infamously hard. This notion dates back to the 70s with the software crisis and the "No Silver Bullet" paper by Fred Brooks. The bigger the system, the more complicated it is to build software for it. The traditional trajectory is build a system to spec and watch it decay over time and rot until it is impossible to add new features or fix bugs due to the overwhelming complexity.
But, it doesn't have to be this way. Robust software (per my own definition) is a software system that gets better and better over time. Its architecture becomes simpler and more generic as it incorporates more real world use cases. Its test suite gets more comprehensive as it checks for more combinations of inputs and environment. Its real-world performance improves as insights into usage patterns allow for pragmatic optimizations. Its technology stack and third-party dependencies are getting upgraded to take advantage of their improvements. The team gets more familiar with the general architecture of the system and the business domain (working on such a system is a pleasure so churn will be low). The operations team gathers experience, automates more and more processes and builds or incorporates existing tools to manage the system.
The team develops APIs to expose the functionality in a loosely coupled way and integrates with external systems. This may sound like a pipe dream to some of you, but it is possible. It takes a lot of commitment and confidence, but the cool thing is that if you're able to follow this route you'll produce software that is not only high quality but also fast to develop and adapt to different business needs. It does take a significant amount of experience to balance the trade-offs between infrastructure and applications needs. If you can pull it off, you will be handsomely rewarded. The first step in your journey is to realize the status quo is broken.
Posted by Sandeep Chanda
on May 16, 2016
The Azure Internet of Things team has recently open sourced the gateway SDKs that can be used to build and deploy applications for Azure IoT.
There are two classes of SDKs that have been made available. The device SDK that allows developers to connect client devices to the Azure IoT Hub and the service SDK that enables management of the IoT service instances in your hub. The device SDK supports a range of OSes running on low fidelity devices that typically support network communication, have the ability to establish a secure communication channel with the IoT Hub, are able to generate secure tokens for authentication and have a minimum of 64 KB RAM as the memory footprint.
The device SDK is available in C, .NET, Java, Node.js, and Python, while the service SDK is currently available in .NET, Node.js, and Java. In order to register clients using the device SDK, you will first create an IoT Hub instance in Azure using the management portal and then use the connection string of your IoT Hub to register a new device. If you reference the .NET SDK, you can use the
Microsoft.Azure.Devices.Client library that exposes various methods to interact with the gateway such as the
Create method to create a
SendEventAsync to send an event to the device hub. The
Microsoft.Azure.Devices.Client library supports both AMQP and HTTPS protocols. The messages can also be sent in batches using the
SendEventBatchAsync method that will send a collection of
Message to the device hub.
The services SDK is available as the
Microsoft.Azure.Devices library. You can use the
RegistryManager class to register a device:
To receive device-to-cloud messages, you can create a receiver using the
EventHubClient class and use the
ReceiveAsync method to start receiving event data asynchronously.
You can clone the IoT Gateway SDKs repository from GitHub and customize it for your own gateway solutions using Azure IoT.
The Azure IoT Gateway is promising because, while developers can connect their devices to IoT platforms, there are many scenarios that require edge intelligence, e.g. sensors that cannot connect to the cloud on their own. The IoT Gateway SDKs make it simple for developers to develop on-premise custom computation wherever a standard solution doesn't work.
Posted by Gigi Sayfan
on May 12, 2016
"Debugging is twice as hard as writing the code in the first place. Therefore, if you write the code as cleverly as possible, you are, by definition, not smart enough to debug it." — Brian Kernighan (co-inventor of the C programming language).
You shouldn't take it literally of course, but there is a grain of true to both parts: debugging is harder than programming and also, if you write your code too cleverly, you'll have trouble debugging it. One lesson to take away is that you should write clear and simple code that is easy to understand and troubleshoot when something goes wrong.
Another way to look at it is that when something does go wrong you want all the help you can get to fix it. One of the main the Agile practices is pair programming, where two programmers collaborate in front of a single screen and keyboard — probably the least popular in the Agile arsenal. However, pair debugging is taking all the goodness of pair programming into the debugging experience. You don't have to feel you're all alone against the inscrutable code. Your partner will help you through tight spots and see things you don't notice. Sometimes just explaining the problem to your partner may shed a light on what's going on. I've had a very good track record where the combined efforts of the pair found the root cause after a single programmer was stuck for a long time banging their head against the metaphorical wall.
My recommendation would be that when you face a difficult problem, try to solve it on your own, but as soon as you run out of ideas or feel overwhelmed call in the cavalry. Describe what you know and what you have done so far and you'll be surprised that often that alone will get you unstuck. If not, your partner will probably have some ideas regarding how to move forward. Happy pair debugging.
Posted by Sandeep Chanda
on May 5, 2016
During the Build 2016 conference, Vittorio Bertocci, the Principal Program Manager at the Microsoft Identity division announced the availability of a new authentication library named MSAL (Microsoft Authentication Library). It is poised to become one unified library that provides a single programming model for different identity providers such as Microsoft Accounts, and Azure Active Directory.
MSAL finds its origins in ADAL which was tailored to work exclusively with Azure AD and ADFS. MSAL is better in terms that it supports apps, agnostic of the authority mechanism being MSA or any Azure AD tenant. It also provides better protocol compliance and overcomes some of the issues with ADAL such as working with cache in multi-tenant applications. Another feature that makes it a universal identity provider is that it supports standard definition scopes instead of resources that are proprietary to Active Directory. With MSAL you don’t need to know native protocols like OAuth and Open ID Connect. It provides the necessary wrappers for you to program with the library and perform identity related operations at a high level without having to know a lot of details about the native protocols. Notably multi-factor authentication is supported out of the box. Overall, however, the most fascinating feature of this library is the ability for the app to ask for permissions incrementally and support transparent refresh tokens.
The two primary operations exposed by MSAL are:
- PublicClientApplication — used for desktop clients and mobile apps
- ConfidentialClientApplication — for server side apps and other web based resources
You can start using MSAL using the new authority endpoint. Note that you need to register your app first and get the client id. The new endpoint supports both personal and work accounts. During the authentication process you will receive both the sign in info and also an authorization code that can be used to obtain an access token. In a single sign-on scenario, that token can be used to access other secured resources that are part of the same sign-in. The following code illustrates how the ConfidentialClientApplication primitive is used to fetch the token and access the resource securely:
ConfidentialClientApplication clientApp = new ConfidentialClientApplication(clientId, null,
new ClientCredential(appKey), new MSALSessionCache(userId, this.HttpContext));
You can then use the
AcquireTokenSilentAsync method to get the token by asking for the scopes you need.