Thursday, November 09, 2006

TechEd - All about the Experience!

Author: Dennis Skantz After spending a couple of days on TechEd in Barcelona it is clear to me that Microsoft now is all about the Experience... User experience for system users (Vistas awesome UI) and deleveloper experience for developers (geat designer tools)... and also... conference experience for delegates to the TechEd Conference... and here I'm thinking about the well planned and executed conference. Microsoft has thought about everything... If you feel thirsty, there are cold drinks everywhere. If you feel cold, they give you a warm nice sweater and to top it all off there are over 250 sessions to choose from! Thats really the only problem here right now. How to select 18 out of 250 all (almost all.. anyway) compelling sessions. Here is what I've learnt so far... Sitecore is way way way ahead! We've been XAMLing now for about a year. Now MS is releasing Windows Presentation Foundation wich is really XAML for windows apps. So for us to adopt WPF is not a hard thing to do. Thank you for that Sitecore! AJAX, AJAX, AJAX! I think I counted 11 sessions about AJAX, that means you could basically spend the whole week just listening to AJAX seminars... This is nothing new to Sitecore partner. Sitecore's been using AJAX for ages. What new now is Microsoft standard framework för AJAX. Comes with a nifty library of clientside scripts guaranteed to work on IE, Mozilla, Firefox and soon Opera (wich can be used stand alone from the Asp.Net Framework) and a lot of AJAX controls to be dragged onto your standard aspx and ascx controls. AJAX is exciting, yes... But is it worth 11 sessions? No. Can we even speak about a AJAX hype? Yes... But still AJAX is cool, and the AJAX library is a good start. For pattern freaks I have good news in the patterns for logics department. You only have to learn three patterns; Call, Queue and Sub/Pub... All other patterns are just variations of these. Of course this is my highly simplified intrepretation of Steve Swarts and Clemens Vasters presentation about Communication, Flow and Logic. For SOA preachers... SOA is not the solutions to all future system design. SOA should be used only in those places in the system where it doesn't relly really slow down the user interface... because... we don't want to spoil the user experience... ;-) For security concerned (arent we all?) I've recently irritated myself on the fact that Sitecore doesnt lock out accounts after x number of failed login attempts. Turns out, thats actually just what the experts suggests. If you have a lock-out function in place, it is really easy to stage a DNS attack against the system. All you have to do is try to login to all accounts and fail doing so and you have soon locked out all editors and administrators from ever reaching the system. So hats of to you Sitecore for that... However, there is still an area where Sitecore (in my opinion) must change and thats in the auditing. It is bad practice not to log failed login attempts. How should you otherwise be able to detect attempted attacks? Sitecore could easily add a bundle of Auditing, and they should, for sake of traceability! Well, thats it for now. My beer is going flat... and there are 50 sessions left to choose between.... /Dennis

4 comments:

Anonymous said...

Some interesting ideas... Looking at the Sitecore security, I guess you are right. Together with Workflow, Document Management and Scalability it are the hottest topics on their agenda I guess.

About AJAX, this hype is recognized and turned down 2 years ago at the web-conferences. MS is just a little late ;).

SOA is jsut another way of creating advanced interfaces. I'm still not persuaded that SOA is the solution which fits all. Several SOA fanatics at the office, but none of them showed me a gigantic standalone SOA solution. Maybe SOA came to early available. Time for v2.0?


Had a good trip anyway?

Dennis S. said...

Yepp, the trip was great! And overall the conference was awesome. I guess you could pick all the boring sessions and have a really shitty time. I managed to picked all the good sessions with one exception... The SML (Service Markup Language session), which was only beacuse of my own ignorance to the subject.

I would recommend all ms developers to attend a TechEd every now and then. Mayby not every year... nah, what the hell, I sure would go every year if I could.

About SOA I guess you're right. Anyway, it is clear now that Ms viewpoint is that SOA is the way to go for Enterprise solutions. And with great new tools in .Net 3.0 it certainly makes it easier on the technical level to get your SOA secure and scalable. I still think the difficulty does not lie in the technical aspect of this, but rather in trying to define your services within your organisation and mapping up those interfaces. Ron Jacobs had a great session about that. He suggested you can think of each service as an autonomous state or country. You don't not want to set up to many interfaces (bordercrossings) cus they cost a shitload of money to build and bundle to operate; customs, passportchecks, securitychecks, securiyguards putting tothpaste in plastic bags, immigration control asking you questions about why, where and so on and so on. Same as in your SOA. Each call to service must be auhtenticated, authorized, be in the correct format, follow the agreedupon contract. Check out Rons blog at http://blogs.msdn.com/rjacobs, a lot of SOA stuff there!

Workflows: Maybe some kind of integration and/or best practices from Sitecore about using Windows Workflow Foundation to extend the Sitecore Workflow?

Anonymous said...

Workflow Foundation can be integrated very easily as Sitecore uses a simular state model. When there comes soem time available for me in the next week, I'll show on my blog how easily WF can be integrated with Sitecore.

Dennis S. said...

Well be keeping an eye out for that Alex!

/Dennis