Tip of the Day #4 (Connection Strings in Config files)

From .NET 2.0 onwards a new and improved configuration management system has been put in place. You can now add a <connectionString> element to the config file and use it to place the connection strings to the database and then retrieve then in a consistent way in your application. It supports multiple connection strings too if you need to access multiple databases.

The config file looks like this:

<configuration>
...
   <connectionStrings>
    <add name="Default" connectionString="Server=(local);database=MyDatabase"/>
  </connectionStrings>
...
<configuration>

From the .NET application you can access the connection string like this:

connectionString =
    ConfigurationManager.ConnectionStrings["Default"].ConnectionString;

Just remember to add a reference to System.Configuration in your project and ensure that the code file is using the System.Configuration namespace as well.

Technorati Tags: .net,connection string,config,configuration

SQL Bits III Session Voting and Delegate Registration open

SQL Bits are going for a slightly different take on the registration process this time. You vote for the sessions you want to see at the same time as signing up for the conference. This is quite interesting because it means that you are signing up as a delegate without actually knowing what the final agenda will be. It’s quite exciting really!

If you want to vote on the sessions you want to see and sign up for the conference then you can head on over to the SQL Bits website and sign up. Remember to vote for my session while you are there: “Where’s my data? An introduction to Spatial Queries in SQL Server 2008”

Technorati Tags: SQLBits,SQLBits III,SQL Server,conference,community

Banking Scams

Just now I got a spam email purporting to be from my bank. In fact, I get lots of these because I obviously have accounts with Barclays, NatWest, HSBC, HBOS, RBS, CitiBank, WellsFargo, Clydesdale, Caja Madrid, ING, and a whole host of others.

Obviously some people are still fooled by them, otherwise they wouldn’t still be sending them out after all those years. In fact, the mails do look like they could be authentic. The from address appears to be from the right place, the wording looks like it could be from my bank, and it gives me a link that looks like the one I log on with. However, it is still a scam.

I’m guessing the normal readership of my blog, mostly software developers, would be able to spot a scam like this fairly easily, but for anyone arriving via Google direct to this page and are looking for some tips for spotting a scam here goes:

Here is the body of a scam email I received:

Dear Customer,
Royal Bank. always look forward for the high security of our clients. During our regularly scheduled account maintenance and verification procedures, we have detected a slight error in your account information.This might be due to either of the following reasons:
1. A recent change in your personal information.
2. Submitting invalid information during the initial sign in process.
Due to this, you are requested to please update and verify your information by clicking the link below:

https://www.rbsdigital.com/default.aspx?

*Important*
We have asked few additional information which is going to be the part of secure login process. These additional information will be asked during your future login security so, please provide all these info completely and correctly otherwise due to security reasons we may have to close your account temporarily.
We thank you for your prompt attention to this matter. Please understand that this is a security measure intended to help protect you and your account. We apologize for any inconvenience.

Security Advisor
Royal Bank Of Scotland.

Please do not reply to this e-mail. Mail sent to this address cannot be answered.
For assistance, log in to your Royal Online Bank account and choose the “Help” link on any page.
Royal Bank Email ID # 1009

I’ve highlighted some of the text in red, as I’m going to talk about it.

First off, “Dear Customer”, really?! – how impersonal, surely you already know who I am? If the email is so general that they’ve used “Dear Customer” then they’ve obviously sent it to everyone and they really haven’t a clue what there systems are doing. No bank should be that clueless.

Next is the dot after “Royal Bank”. That’s not the end of a sentence. It isn’t even a sentence (it contains no verb). Perhaps they are using the “.” to signify an abbreviation of sorts, but I’ve never seen any Royal Bank communication do that. In fact, I’ve never seen anybody do that for “Royal Bank”.

“Look forward for” is grammatically incorrect, you look forward to things, not “for” them. And why would they be looking forward to the high security of their customers. Surely that already exists. The bank has been around for about 300 years, I imagine after all that time they must be doing something right with regards to security.

You also have to ask yourself, why would the banks processes be so bad as to cause an error for the reasons stated?

Next is the URL (the web address) given to you in order to log in. Hover over it and look in your browser’s status bar. Did you notice that the status bar says something different to what you see on the page? I’ve altered the real address so people don’t inadvertently use it, but you can see it doesn’t match the bank’s real address.

Now, they are asking for additional security information during the log in process. Many banks only ask for random bits of information during the log in process. Like one time they’ll ask for your mother’s name, the next they’ll ask what the first school you went to was, and so on. The spammers obviously need to know all the information so that when they get presented with the real random question they’ll be able to answer correctly.

Finally, why would they close your account temporarily? A bank would never actually close an account for a potential security violation. They may suspend it, or remove access to it, but never actually close it.

So, here are some tips:

If you receive an email purporting to be from your bank, don’t click on any links in it.
If your banks log on procedure appears to be different from the previous time, check with the bank themselves. They may have updated their website, or it may be a scam, best to check.
When you log in, ensure that the address in your address bar is the one you expect, and that it is a properly secure connection. There will be a padlock on the address bar or in the status bar (depending on which browser you have)
Banks are generally fastidious about grammar and spelling in any communication they send out. It makes them look highly unprofessional if they weren’t. So check any emails for grammatical or spelling errors.

Technorati Tags: scam,spam,bank,security

Functional Programming in C#3.0

Oliver Sturm spoke to to Scottish Developers in Glasgow earlier this week to a packed room! His topic was Functional programming in C# 3.0.

The feedback was overwhelmingly positive and he received comments such as “Great code examples” and “very worthwhile”. So, if you missed last nights session, or you just want to review the code at a more leisurely pace then Oliver has them on his blog: http://www.sturmnet.org/blog/archives/2008/03/14/devweek-session-slides-and-samples-and-info/

Oliver is also talking to VBUG in Livingston next week on the topic of F#. For more information: http://www.vbug.co.uk/Events/July-2008/VBUG-SCOTLAND-F-with-Oliver-Sturm.aspx

Finally congratulations to everyone who won prizes last night from the T-shirts right up to the MSDN Premium Subscription.

Technorati Tags: scottish developers,functional programming,c#

Tip of the Day #3 (Ultimate How To Guide)

Today’s tip is the ultimate how to guide on being a programmer. It seems to explain almost everything. If, once you’ve read it and want more it also suggests 4 excellent books to read in chapter 1.

SQL Bits III – Call for Speakers

Session submission is now open for SQL Bits III. SQL Bits III will take place on Saturday 13th September in Hatfield, Hertfordshire.

Also, if you are feeling particularly artistic they are also running a competition to come up with a new logo.

Technorati Tags: SQL Server,SQLBits,conference,hatfield,competition

Tip of the Day #2 – (Debugging into the .NET source code)

Today’s tip is that you can configure Visual Studio to step-into the .NET Framework.

Here’s some background: A while ago Scott Guthrie announced that the source code to the .NET Framework was now available. And Shawn Burke detailed how to actually configure Visual Studio 2008 to debug into the .NET Framework.

Event Organisation – The Feedback

This is the first post in a series of random thoughts on community events that I’m writing based on my experience running a user group and the Developer Day Scotland conference.

In this post I’ll concentrate on receiving feedback.

Photo by Craig Murphy

First, I should like to concentrate on the management of feedback. If the event asks people to fill in feedback then it should be collated and returned to the speaker as soon as possible. For my user group meetings I try and ensure that when I get home afterwards I collate the feedback and email the speaker before I go to bed. The quicker the speaker can receive the feedback the quicker they can see how they did. The closer to the event the more they will remember and the better they will be able to evaluate the feedback effectively. For Developer Day Scotland I got the feedback out to all the speakers within 3 days.

If the speaker doesn’t receive their feedback after a number of weeks they they are most likely to have forgotten specific incidents during their presentation. The guy that writes “Loved the quip about…” or “It was most annoying when you…” has effectively wasted their time if you, as a speaker, can no longer remember making the quip or doing the annoying thing. The quip may have been an off the cuff remark made in the moment that you could have incorporated in to your future presentations – If you can’t remember it, then you’ve lost the opportunity to re-use it and entertain as well as educate. Similarly, if you can’t remember the annoying thing then the comment about it won’t help you so much. It isn’t easy to purge annoying habits if you don’t remember doing them or associate a particular habit as being annoying.

Bottom line on this point is to get the feedback to the speakers promptly. Devote time to collating it and delivering it to speakers. The sooner the better.

It’s all very well and good saying that but how do you turn around the feedback quickly?

If you have a paper based feedback system in place where you are collecting feedback after each session, you can have people help you input that into excel or a database. That will help you get the feedback processed quicker. In this case many hands make light work.

From personal experience, I don’t recommend the online feedback that happens after the event. This style of feedback takes longer because you are waiting on the attendees actually fill it in. Some might do it promptly, others might take their time, and some will just plain forget. From an organiser’s perspective, the online feedback may seem to be an easy win; it is much easier to collate as it is done online so the database is being populated by the actual attendees. Of course, as the feedback is filled in after the event the attendees recollection starts to fade.

If you want to get as many people to fill in the feedback as possible I’ve found that basing prize draws on the feedback forms submitted encourages more people to fill in feedback. For events such as Developer Day Scotland we had some prominent sponsors offer us developer tools as giveaway item. But smaller items such as books, T-shirts, mice can do just as well for user group meetings.

Having been responsible for collating feedback for a variety of speakers I’ve seen a fair amount of variety in the comments. However, I have to admit that I’ve never had a stunningly bad speaker at any of my events yet. For the most part feedback is positive. The audience generally really does want the speaker to succeed and will often give some leeway for things that go wrong that is out of the control of the speaker.

I’ve also found that there are a few really angry people out there who only ever give bad feedback. So, if you are a first time speaker and you’ve got one of those nutters at your session try not to take it too personally. I’m not going to go on at length about how to interpret feedback as Barry Dorrans, an experienced speaker at DDD and other events, has an excellent post on the subject on his blog: Is “bad” feedback the best feedback?

Finally, there is feedback form itself. What do you ask people? How do you want the results. There are two main types of answer, in my opinion. The first is the tick-the-box style where you just tick the box for the score out of 5 (or 10) on a particular aspect. The second is a question that requires a text based answer, a few words or a couple of sentences.

For the event organiser the questions that ask people to tick a box are often better because it means that when you collate all the feedback together you can rank the speakers. I did this for Developer Day Scotland (and published some of the results.) You can set a base line where you say, if anyone drops below this line they don’t get invited back, or if anyone goes above that line they are automatically accepted next time. Or, if you are like NxtGenUG you can use these scores to give out prizes to the best speakers.

From the speaker’s perspective the text based answers are often better because they give a greater variety of feedback and allow the evaluator to express themselves. This can be used to tell the speaker what they did well, to show appreciation, to point out a negative aspect, or to suggest a way to improve. The wide variations in what people can put would rule out giving them tick-boxes to mark off.

For the text based answers the questions have to be open. They have to encourage people to say what ever they want to say without constraining them into thinking that something isn’t important because it wasn’t asked for directly. I often reduce it to just two questions. “What did you like?” and “What didn’t you like?” And other times I’ll also include the catch all “Are there any other comments you’d like to make?”

Hopefully you’ve found this useful for your own events, or perhaps you have your own comments you’d like to add. Either way I’d welcome any feedback so feel free to leave a comment.

Scottish Developers Newsletter – June 2008

Welcome

As the last newsletter came out a little late the time to this newsletter seems quite short. However, that doesn’t mean there isn’t lots of good stuff happening. We are filling out our programme of events until the end of the year and have some quite exciting things lined up. Some things are still in the planning stage so there isn’t much to tell and its subject to change, other things are a little more advanced. You can see what’s on the horizon in the “Further Afield” section below.

One of our members (Paul Cowan) has a job opening at the moment. If you are a C#/ASP.NET developer looking for a job in Glasgow then he would be interested in your CV. For full details see the website.

If you are a “Girl Geek” and would like a chance of winning a one year MSDN Premium Subscription then head over to the “Girly Geekdom Blog” and enter the competition.

Glasgow Caledonian University are in the planning stages of a Postgraduate course on .NET Application Development. If this is something you think you might be interested in, or if you know someone that might be interested in it then they are running a survey to find out what people would want from such a course. The survey can be found here.

As always, we are on the look out for new speakers. If you would like the opportunity to do a presentation on a software development topic from 10 minutes to 90 minutes then get in touch with me at colin@scottishdevelopers.com.

Regards,
Colin Mackay on Behalf of Scottish Developers

Events

8-July-2008 @ 18:30 in Glasgow (Scottish Developers)
Functional Programming in C# 3.0
FREE – Registration optional

The newest version of C# introduces a number of language features that finally make it very easy to employ a functional style of programming. However, from the perspective of an imperative programmer, there are lots of questions surrounding functional programming. Why would I want to do it at all? Should I drop all state information in my apps? What useful functional patters are applicable to C#? In this session Oliver Sturm uses many practical examples (and some theory) to try and answer these questions.

16-July-2008 @ 18:00 in Livingston (VBUG)
F# with Oliver Sturm
FREE – Registration Required

Taking efficiency one step further – F# Microsoft Research describes F# as “a scripted/functional/imperative/object-oriented programming language”. Combining all those aspects in one language is certainly not an easy task, but they’ve done a good job of it. F# is interesting both as a language to actually consider for your projects and as a source of features that might make it into the mainstream .NET languages tomorrow. The session uses many examples to give you a good general overview of F#. To complement the introductory session, Oliver is going to show some more advanced samples from his talk “Data Handling in F#” and there will also be room for Q&A as well as discussion.

Further Afield

September:
SQL Bits III (Hatfield)
Paul Cowan talks about using ALT.NET technology (Glasgow)

October:
Frank Kerrigan talks about SSIS (Glasgow)

November:
VBUG Conference (Reading)
TechEd Developers (Barcelona)
Developer! Developer! Developer! (Reading)

December:
Andrew Westgarth on ASP.NET development on IIS7 (Glasgow)

Useful Links

Firefox 3: The browser that has it all (apparently). And Microsoft’s IE team sent a congratulatory cake to help the Mozilla guys to help them celebrate.

jQuery UI 1.5: One API to rule them all! jQuery is a JavaScript library that simplifies how you traverse HTML documents, handle events, perform animations, etc.

Sponsor’s message

SQL Know How are offering top quality SQL Server training courses at excellent value. Not only is the price great, but by entering the site from the links in this newsletter or on the Scottish Developer’s website you’ll get an additional 5% off the price. Their upcoming courses include the following

Best Practices in Performance and Availability for SQL Server 2005/2008
Kimberly L. Tripp and Paul S. Randal 1st – 3rd September 2008 Hatfield, Hertfordshire

Indexing for Performance in SQL Server 2000/2005/2008
Kimberly L. Tripp and Paul S. Randal 8th – 9th September 2008 Edinburgh

Smart Database Design
Paul Nielsen 22nd – 23rd September 2008 Hatfield, Hertfordshire

Smart Database Design
Paul Nielsen 29th – 30th September 2008 Edinburgh

SQL Server Data Storage Formats: Internals, Performance and Best Practices
Kalen Delaney 3rd November 2008 Harpenden, Hertfordshire

SQL Server Concurrency Control: Locking, Blocking and Row Versioning
Kalen Delaney 4th November 2008 Harpenden, Hertfordshire

SQL Server Data Internals and Tuning
Kalen Delaney 5th – 7th November 2008 Harpenden, Hertfordshire

SMALL PRINT: You are receiving this message because you signed up to receive information from Scottish Developers at an event. If you no longer wish to receive information from us please reply to this email (colin@scottishdevelopers.com) and ask to be removed from the list.

Tip of the Day #1 (Connection Strings)

You can add the Application Name to the connection string for SQL Server so that it becomes easier to debug problems when you use a tool like SQL Profiler as it will be much easier to identify the commands being issued by your application.

For more information see Ben Hall‘s blog: SQL Connection – Application Name

Technorati Tags: .net,connection string,sql server