Saturday, February 28, 2009
Interstingly, when typing the term "microformats", my hand confuses my brain to type "Microsoft". :) However, it took some period to adopt this standard by major web vendors Microsoft and Mozilla.
What is Microformats?
This is one way of enabling web as semantic. The current web markups are very keen on displaying content on the browsers. As an user we know what is on the page, as a system it just displays it. However, how can develop a system to organize, collect and manage the contents from web pages? Previously, it is impossible. There are millions of terra bytes of content exist in the web. But now, Semantic Web which was initiated by Tim Berner Lee helps us to make this possible.
Microformats are one such standard which reuse existing markup elements to convey semantic of the data. For example, the following snippet shows a hCard telephone contact details.
Oomph
<span class="tel">
<span class="type">home</span>:
<span class="value">+91.044.111090190</span>
</span>
Microsoft Oomph is a toolkit to for web developers, designers and users, making it easier to create, consume, and style Microformats. It comes up with:
- IE add-in to parse Microformats in web pages.
- Pre-defined CSS styles for Microformats.
- A cross-browser HTML overlay for Microformats aggregation.
Thursday, February 26, 2009
In 2004, I had bought "Software Factory" book written by Microsoft techies and it was more conceptual and theoretical. This book approaches the model driven development (MDD) in a different perspective, and introduces software factory and domain specific language (DSL) concepts. The theory was successfully implemented in VSTS. Unfortunately, it was not mature and very inconsistent. The software factory and DSL tools were only used by Microsoft itself. They did not touch the heart of ISVs. Event though, I have used Microsoft's Webclient Software Factory (WCSF) and WCF Service Model Factory successfully and bit consistently in one of our product development. I had really seen the benefit of MDD approach from DSL perspective upfront. However, I am expecting the mature and stable version of this.
Thanks God, Microsoft concentrates more on this and came up with "Oslo". The hot core part of Oslo is Oslo Modeling Language "M". The definition for M in MSDN:
M lets users write down how they want to structure and query their data using a convenient textual syntax that is convenient to both author and read.
With Oslo, Microsoft boosts the software factory concept. You can design and develop your application with UML 2.0 standard using M. M is a textual and declarative language which enables you to write down what you want from your data without worrying about underlying technology and platform. M will compile both on Win and Linux.
In parallel, Microsoft is developing Quadrant, a model designer for M which allows you to design graphically.
You can save your models in SQL Server.
Hope, we can see a smart changes in our SDLC by Oslo.
Wednesday, February 25, 2009
Sans Institute, the largest information security firm in association with software and security giants including Microsoft, Symantec, McAfee, published a hot 25 programming errors under three categories:
- Insecure interaction between components (9)
- Risky resource management (9)
- Porous defenses (7)
- CWE-20: Improper Input Validation
- CWE-116: Improper Encoding or Escaping of Output
- CWE-89: Failure to Preserve SQL Query Structure (aka 'SQL Injection')
- CWE-79: Failure to Preserve Web Page Structure (aka 'Cross-site Scripting')
- CWE-78: Failure to Preserve OS Command Structure (aka 'OS Command Injection')
- CWE-319: Cleartext Transmission of Sensitive Information
- CWE-352: Cross-Site Request Forgery (CSRF)
- CWE-362: Race Condition
- CWE-209: Error Message Information Leak
- CWE-119: Failure to Constrain Operations within the Bounds of a Memory Buffer
- CWE-642: External Control of Critical State Data
- CWE-73: External Control of File Name or Path
- CWE-426: Untrusted Search Path
- CWE-94: Failure to Control Generation of Code (aka 'Code Injection')
- CWE-494: Download of Code Without Integrity Check
- CWE-404: Improper Resource Shutdown or Release
- CWE-665: Improper Initialization
- CWE-682: Incorrect Calculation
- CWE-285: Improper Access Control (Authorization)
- CWE-259: Hard-Coded Password
- CWE-732: Insecure Permission Assignment for Critical Resource
- CWE-330: Use of Insufficiently Random Values
- CWE-250: Execution with Unnecessary Privileges
- CWE-602: Client-Side Enforcement of Server-Side Security
More details about the list, visit here.
Design by contract is a popular approach to designing software. This approach prescribes the software designers should define formal verifications, specification of every components in an application. These verifications and specifications should answer the following questions:
- What does it expect?
- What does it guarantee?
- What does it maintain?
- Acceptable inputs for an operation (method/procedure)
- Pre and Post-conditions
- Return value
- Exceptions
- Side effects
- Invariants (for sub-classes may strengthen)
There are three components available in this release. These are:
- Contract Framework APIs
- Binary Rewriter
- Static Checker
Contract Framework APIs
Contract.Requires() - Pre condition
Contract.Ensures() - Post condition (additional helper methods: Contract.OldValue(), Contract.Result())
Contract.Invariant() - Invariants
ContractInvariantMethodAttribute - Method level attribute, so that we can put all invariant objects into a method.
Binary Rewriter
Normal IL code for the above mentioned APIs cannot be executed at runtime. To provide runtime checking for contracts, you have to use binary rewriter which takes the IL and transforms the contracts so that contracts are executed at the exact programming points.
Get a copy of CodeContract here and user manual here.
