you've been HAACKED

Streamlined BDD Using SubSpec for xUnit.NET

Haacked — Sun, 24 Aug 2008 11:00:00 GMT

I admit, up until now I’ve largely ignored the BDD (Behavior Driven Development) Context/Specification style of writing unit tests. It’s been touted as a more approachable way to learn TDD (Test Driven Development) and as a more natural transition from user stories to the actual code design. I guess my hesitation to give it a second thought was that I felt I didn’t need a more approachable form of TDD.

Recently, my Subtext partner in crime, Steve Harman, urged me to take another fresh look at BDD Context/Specification style tests. I trust Steve’s opinion, so I took another look and in doing so, the benefits of this approach dawned on me. I realized that it wasn’t BDD itself I didn’t like, after all, I did enjoy writing specs using minispec and IronRuby. I realized that the part I didn’t really like was the .NET implementations of this style. Keep in mind that I do not claim to be an expert in TDD or BDD, I’m just a student and these are just my observations. I’m sure others will chime in and provide corrections that we can all learn from.

SpecUnit.NET example

For example, let’s take a look at one example pulled from the sample project of Scott Bellware’s SpecUnit.NET project, which provides extensions supporting the BDD-style use with .NET unit testing frameworks and has really pushed this space forward. I trimmed the name of the class slightly by removing a couple articles (“the” and “an”) so it would fit within the format of my blog post.

[Concern("Funds transfer")]
public class when_transfering_amount_greater_than_balance_of_the_from_account
  : behaves_like_context_with_from_account_and_to_account
{
  private Exception _exception;

  protected override void Because()
  {
    _exception = ((MethodThatThrows) delegate
    {
      _fromAccount.Transfer(2m, _toAccount);
    })
    .GetException();
  }

  [Observation]
  public void should_not_allow_the_transfer()
  {
    _exception.ShouldNotBeNull();
  }

  [Observation]
  public void should_raise_System_Exception()
  {
    _exception.ShouldBeOfType(typeof(Exception));
  }
}

The Because method contains the code with the behavior we’re interested in testing. The two methods annotated with Observation are the specifications. Notice that the names of the classes and methods are meant to be human readable. The output of running these tests remove underscores and reads like a specification document. It’s all very cool.

What I like about this approach is there’s a crisp focus on having each test class focused on a single behavior, in this case transferring a balance from one account to another. In the past, I might have written something like this as two test methods (which led to duplicating code or putting code in some generic Setup method that seems detached from what I’m trying to test) or as one method with two asserts. This approach helps you think about how to organize tests along the lines of your objects’ responsibilities.

What I don’t like about it, and I admit this is really just a nitpick, is that it looks like someone’s keyboard puked underscores all over the place. I feel like having to encapsulate each observation as a method adds a lot of syntactic overhead when I’m trying to read this class from top to bottom. Maybe that’s just something you get used to.

MSpec example

Switching gears, let’s look at a different example by Aaron Jensen. This is an experiment in which he tried a very different approach. Look at this code sample…

[Description]   
public class Transferring_between_from_account_and_to_account   
{   
  static Account fromAccount;   
  static Account toAccount;   
  
  Context before_each =()=>   
  {   
    fromAccount = new Account {Balance = 1m};   
    toAccount = new Account {Balance = 1m};   
  };   
     
  When the_transfer_is_made =()=>   
  {   
    fromAccount.Transfer(1m, toAccount);   
  };   
      
  It should_debit_the_from_account_by_the_amount_transferred =()=>   
  {   
    fromAccount.Balance.ShouldEqual(0m);   
  };   
  
  It should_credit_the_to_account_by_the_amount_transferred =()=>   
  {   
    toAccount.Balance.ShouldEqual(2m);   
  };   
}

There’s still the underscore porn, but it does read a little more like prose from top to bottom, if you can get yourself to ignore that funky operator right there. =()=> Whoa!

When I complained to Steve about all the underscores in these various approaches, he suggested that being a fan of the more Zen-like Ruby language, the underscores didn’t bother him. I didn’t buy that as part of the aesthetic of Ruby is its clean DRY minimalism. Yes, it uses underscores, but it doesn’t generally abuse them. Let’s take a look at a BDD example using RSpec and Ruby. This is an example of a spec in progress from Luke Redpath… (forgive the poor syntax highlighting. I need a ruby css stylesheet. :)

context "A user (in general)" do 
  setup do 
    @user = User.new 
  end 

  specify "should be invalid without a username" do 
    @user.should_not_be_valid 
    @user.errors.on(:username).should_equal "is required" 
    @user.username = 'someusername' 
    @user.should_be_valid 
  end 

  specify "should be invalid without an email" do 
    @user.should_not_be_valid 
    @user.errors.on(:email).should_equal "is required" 
    @user.email = 'joe@bloggs.com' 
    @user.should_be_valid 
  end 
end

One thing to notice is that we’re not using separate methods and classes here. Ruby doesn’t force you to put code in classes. You can just execute a script top-to-bottom. In this case, the code sets up a context block and within that block there is a setup block and a couple of specify blocks. There’s no need to factor a specification into multiple classes and methods.

Also notice that the context and specifications are described using strings! Now we’re getting somewhere. If it’s meant to be human readable, why don’t we use strings instead of the underscore porn? On Twitter, many accused the ceremony and vagaries of C# of preventing this approach. While I agree that Ruby has less ceremony than C#, I also think C# doesn’t get its fair shake sometimes. We can certainly take a C# approach down to its bare metal with the least syntactic noise as possible, right?

SubSpec

So in true Program Manager at Microsoft fashion, I spec’d out a rough idea of the syntax I would like to use with BDD. I then showed it to Brad Wilson asking him how can I make this work in xUnit.net. In true Developer fashion, he ran with it and made it actually work. This blog post is the part where I try to take all the credit. That’s what PMs do at Microsoft, write specs, take credit for the hard work the developers do in bringing the specs to life. ;) (I kid, I kid)

Here’s an example using this syntax…

[Specification]
public void PushNullSpecifications()
{
  Stack<string> stack = null;

  "Given a new stack".Context(() => stack = new Stack<string>());

  "with null pushed into it".Do(() => stack.Push(null));

  "the stack is not empty".Assert(() => Assert.False(stack.IsEmpty));
  "the popped value is null".Assert(() => Assert.Null(stack.Pop()));
  "Top returns null".Assert(() => Assert.Null(stack.Top));
}

A few things to notice. First, the entire spec is in a single method, which reduces some of the syntactic noise of splitting the spec into multiple methods. Secondly, we’re using strings here to describe the specification and context, rather than method names with underscores for the human readable part.

Lastly, and most importantly, while it may look like we’re committing the sin of multiple asserts in a single test, this is not the case. Via the power of the xUnit.NET extensibility model, Brad was able to generate a test per assertion. That’s why the Assert method (should it be Observe or Fact?) takes in a lambda. We can return these closures to xUnit.net and it will wrap each one in a separate test. Here’s another look at the same method with some comments to highlight how similar this is to the previous examples. (UPDATE: I also changed the asserts to use the Should style extension methods to demonstrate what it could look like).

[Specification]
public void PushNullSpecifications()
{
  Stack<string> stack = null;
  //equivalent to before-each
  "Given a new stack".Context(() => stack = new Stack<string>());

  //equivalent to Because()
  "with null pushed into it".Do(() => stack.Push(null));

  //Equivalent to [Observation]
  "the stack is not empty".Assert(() => stack.IsEmpty.ShouldBeFalse());
  //Equivalent to [Observation]
  "the popped value is null".Assert(() => stack.Pop().ShouldBeNull());
  //Equivalent to [Observation]
  "Top returns null".Assert(() => stack.Top.ShouldBeNull());
}

Keep in mind, at this point, this is a merely proof-of-concept sample that will be included with the samples project in the next version of xUnit.NET and by the time you read this sentence, it may have changed already. You can download this particular changeset here.

The following is a screenshot of the HTML report generated by xUnit.NET when using this syntax that Brad sent me today.

Despite it being a sample, I tried to give it a catchy name in case this is intriguing to others and worth iterating on to make it better (not to mention that I love putting the prefix “Sub” in front of everything.)

Possible next steps would be to add all the Woulda, Coulda, Shoulda extension methods so popular with this style of testing. For example, that would allow you to replace Assert.False(stack.IsEmpty) with stack.IsEmpty.ShouldBeFalse(). For those of you practicing BDD, I’d be interested in hearing your thoughts, objections, etc… concerning this approach.

For completeness sake, here’s another syntax I proposed to Brad. He mentioned it was similar to something else he’s seen which he might port over to xUnit.net.

[Specification]
public void When_Transferring_To_An_Account()
{
  Election e = null;
  Account a = null;
  Account b = null;
 
  Where("both accounts have positive balances", () => {
    a = new Account { Balance = 1 };
    b = new Account { Balance = 2 };
  });
 
  When("transfer is made", () =>
    
    a.Transfer(1, b)
  );
 
  It("debits account by amount transferred", () => a.Balance.ShouldBe(0));
  It("credits account by amount transferred", () => b.Balance.ShouldBe(3));
}

For those of you completely new to BDD, check out Scott Bellware’s Code Magazine article on the subject.

Technorati Tags: tdd,bdd,xunit.net

Dealing With Denial of Service Attacks

Haacked — Fri, 22 Aug 2008 17:00:37 GMT

As Scott wrote last week, using a punny title I have to admire, he and I (among many others) were both the subject of a DoS (Denial of Service) attack. Looking through my logs, it looks to actually be a DDoS (Distributed Denial of Service) attack coming from multiple IP addresses.

The attack appears to actually be an attempt at a SQL Injection attack, but for his blog, which stores its data in XML files, that is entirely pointless. For my blog, which doesn’t do any inline SQL, it’s also mostly pointless. So far, the SQL injection part of the attack has failed, but it has succeeded in pegging my CPU. Maybe that’s the actual intended goal. Only the attacker knows.

LogParser Queries

The first clue (besides my site being down) is that my log file for today is huge at 9:00 AM.

The next step is to run some queries against my logs using the fantastic LogParser tool. This post, entitled Forensic Log Parsing with Microsoft’s LogParser is a great resource for constructing queries. The focus tends to be more on investigating an actual intrusion. The queries I need are to discover what kind of DoS attack I’m experiencing. Here’s the query I’m using so far…

  logparser "SELECT c-ip, COUNT(*), STRLEN(cs-uri-query) as LENGTH, cs-uri-query 
  FROM C:\WINDOWS\system32\LogFiles\W3SVC1\ex080822.log 
  GROUP BY Length, cs-uri-query, c-ip 
  HAVING Length > 500 
  ORDER BY LENGTH DESC" -rtp:-1 > long-query.txt

Note that I’m running this for a single log file for the day. I could use a wildcard and run this for all my log files. The very last snippet, > long-query.txt, pipes the output to a text file. Here’s a snippet of one of the query strings I’m seeing:

?';DECLARE%20@S%20CHAR(4000);SET%20@S=CAST…*snip*…%20AS%20CHAR(4000));EXEC(@S);

The length of these query strings are all very long. Interestingly enough, there’s no smooth transition in length. For example, there are no query strings of length 500 – 1000.

URL Scan

I then went and installed URLScan 3.0 Beta, which Scott wrote about, and went into the configuration file (located at C:\WINDOWS\system32\inetsrv\urlscan\UrlScan.ini by default and changed the following setting near the bottom:

  MaxQueryString=2048

From its default of 2048 to another smaller value.

The other setting I changed is to allow dots in the path because I have many URLs that contain dots.

  AllowDotInPath=1

Technorati Tags: UrlScan,IIS,DoS,DDoS,Security

The ABCs of Alpha, Beta, CTP

Haacked — Fri, 15 Aug 2008 20:17:23 GMT

A commenter to my last post asks the following question,

What is the difference between a beta, a CTP, a fully-supported out of band release, an RTM feature, and a service pack?

The answer you get will differ based on who you ask, but I’ll give you my two cents on what these terms mean.

Beta

Let’s start with Beta. A great starting point is this post by Jeff Atwood entitled Alpha, Beta, and Sometimes Gamma.

The software is complete enough for external testing -- that is, by groups outside the organization or community that developed the software. Beta software is usually feature complete, but may have known limitations or bugs. Betas are either closed (private) and limited to a specific set of users, or they can be open to the general public.

With the ASP.NET MVC project, all features we plan to implement for RTM should be complete for our Beta. However, the Beta period can influence this and if it seems extremely important, we may take on small DCRs (Design Change Requests).

CTP

CTP stands for Community Technology Preview. It's generally an incomplete preview of a new technology in progress. These usually come out before beta and are a way to gather feedback from the community during the development of a product. This is similar to an Alpha release per Jeff’s hierarchy, except that at Microsoft, we generally do put CTPs in a public location.

With the ASP.NET MVC project, we no longer use the term CTP and simply use the term “Preview”. I think this is due to running out of our TLA (Three Letter Acronym) budget for the year. Our previews do still undergo a QA test pass and are released to the ASP.NET website.

Daily Builds / Interim Releases

The commenter didn’t ask about this, but I thought I would mention it. In many open source projects, you can get a daily build of the software directly from their source code repository. For example, with Subtext, if you want to grab the most recent build, you can go to our builds archive. A daily build is really for those who like to play with fire, as they usually are not tested, and could represent work in progress that is not even working at all.

The closest thing the ASP.NET MVC team has to this is with our periodic “Interim releas”, a term we just made up, that is pushed out to CodePlex and not placed on the ASP.NET website, because of the more mainstream nature of that site.

As much as these CodePlex releases are for the cutting edge audience, being Microsoft, we can’t simply put daily builds out there and say you’re on your own. At least not yet. So these CodePlex builds are sanity checked by our QA team and by me, but they do not go under a full test pass like our Preview releases do. This is an area of experimentation for the ASP.NET team and so far, is proving successful.

Fully Supported Out-of-Band release

Internally, we usually call these OOB releases (pronounced “oob” like it’s spelled).

A Fully Supported Out-of-Band release is a release that is not part of the Framework (i.e. it's not included in an installation of the .NET Framework), but is fully supported as if it were. For example, you can call up PSS (Microsoft's Tech Support) for support on a fully supported OOB release.

One example of this was “Atlas” which later became Microsoft Ajax and was rolled into ASP.NET 3.5. ASP.NET MVC 1.0 will be an example of an OOB release.

RTM and RTW release

RTM stands for “Released to Manufacturing” and is a throwback to the days when software was mostly released as CDs. When a project went “Gold”, it was released to manufacturing who then burned a bunch of CDs and packaged them up to be put on store shelves. True, this still goes on today believe it or not, but this mode of delivery is on the decline for certain types of software.

RTW is a related term that stands for “Released to Web” which is more descriptive of how software is actually shipped these days. For example, while we like to use the term RTM internally out of habit, ASP.NET MVC will actually be RTW.

Service Pack

A Service Pack (or SP) is simply an RTM (or RTW) release of fixes and/or improvements to some software. It used to be that SPs rarely included new features, but it seems to be the norm now that they do. Service Packs tend to include all the hotfixes and patches released since the product originally was released, which is convenient for the end user in not having to install every fix individually.

Technorati Tags: beta,ctp,alpha,rtw,rtm

ASP.NET MVC Is Not Part of ASP.NET 3.5 SP1

Haacked — Fri, 15 Aug 2008 03:27:02 GMT

I wanted to clear up a bit of confusion I’ve seen around the web about ASP.NET MVC and the .NET Framework 3.5 Service Pack 1. ASP.NET MVC was not released as part of SP1. I repeat, ASP.NET 3.5 SP1 does not include ASP.NET MVC.

What was released with SP1 was the ASP.NET Routing feature, which is in use by both ASP.NET MVC and Dynamic Data. The Routing feature is my first Framework RTM feature to ship at Microsoft! We also shipped a bunch of other features such as Dynamic Data, and this short list of breaking changes.

I hope that clears things up and I apologize for the confusion.

And for my next feat, I’m going to try and read your mind, oooooh! Right now, you’re thinking something along the lines of,

Ok, so ASP.NET MVC didn’t ship as part of SP1. When is it going to ship?!

Good question! Scott Hanselman once quipped that it would ship in a month that ends in “-ber”. He also recently quipped,

Anyway, Phil has always said that MVC is on its own schedule and will ship when its done. Possibly when Duke Nukem Forever ships.

That Scott, he’s so full of quips. ;)

In any case, he’s right in that MVC is pretty much on its own schedule since the first RTM version will be a fully supported out-of-band release, much like Atlas was back in the day.

The MVC team really doesn’t want to rush the first release. We’re taking the time to do the best we can in laying the groundwork for future releases. My hope is that we’ll have very few, if any, moments where we we want to make a breaking change because we didn’t provide the right amount of extensibility.

At the same time, we also really want to get ASP.NET MVC in your hands in an RTM form soon so you can start using it for your clients who are uncomfortable working with a beta technology. Trust me, we are not in the business of the “perpetual-beta” and are working towards an RTM. As Scott pointed out, our hope is to get it out before the end of the year. But as most of you know about how software scheduling works, anything can happen between now and tomorrow.

Metrics

As we move towards the tail end of the development cycle, we’ve been pushing hard to get our bug/approved change request count down, which I recently twittered about. I asked Carl, our tester, to print out an Excel graph of our bug count over time. It feels really good to walk by his office every day and see the line trending down towards zero (though occasionally, it ticks up a bit). I think it’s a huge motivator to try and fix and close out work items.

At the same time, this graph is for our benefit only and not something we’re being evaluated on by any managers, which is extremely important. One of the dangers of any metric is that developers are smart and they’ll do what they can to optimize the metric. For example, the danger with this metric is that we might be tempted to not log feature requests and bugs. Joel Spolsky wrote about this phenomena when measuring the performance of knowledge workers a while back,

But in the absence of 100% supervision, workers have an incentive to “work to the measurement,” concerning themselves solely with the measurement and not with the actual value or quality of their work.

Since we’re the only ones who care about this graph (nobody is looking over our shoulder) and QA is very motivated to find bugs, I think it’s a safe to use as a fun source of motivation. For the most part, watching the graph move towards zero feels good. Those are the metrics I like, the ones that inspire positive feelings among the team and a sense of forward motion and momentum. :)

Tags: aspnetmvc , aspnet , schedule

Filters in ASP.NET MVC CodePlex Preview 4

Haacked — Thu, 14 Aug 2008 13:00:00 GMT

In Preview 2 or Preview 3 of ASP.NET (I forget which), we introduced the concept of Action Filters. Sounds much more exciting than your run-of-the-mill LayOnTheCouchMunchingChipsWatchingInfomercialsFilter, that I originally proposed to the team. Thankfully, that was rejected.

An action filter is an attribute you can slap on an action method in order to run some code before and after the action method executes. Typically, an action filter represents a cross-cutting concern to your action method. Output caching is a good example of a cross-cutting concern.

In CodePlex Preview 4 of ASP.NET MVC, we split out our action filters into four types of filters, each of which is an interface.

IAuthorizationFilter
IActionFilter
IResultFilter
IExceptionFilter

IAuthorizationFilter

Authorization filters run before any of the action filters and allow you to cancel the action. If you cancel the action, you can set the ActionResult instance you want rendered in response to the current request.

There should be very few cases (hopefully) that you need to write such a filter of your own. In those rare cases when you do, you’ll be glad to have this interface around.

IActionFilter

Action filters allow you to run code before and after an action method is called, but before the result of the action method is executed. This effectively allows you to hook into the rendering of the view, for example.

In the “before” method (OnActionExecuting), you can cancel the action and even supply an action result of your own instead. If you cancel the action, no other filters higher up the stack will be executed and the invoker starts executing the “after” method for any action filter that had its “before” method called (except for the filter that canceled the action).

In the after method (OnActionExecuted) you can’t cancel the action (it already ran and we don’t have a ITimeMachineFilter implemented yet), but you can replace or modify the action result before it gets called.

If an exception was thrown by another action filter or by the action method itself, you can examine the exception thrown from your filter. Your filter can specify that it can handle the exception (seriously, only do this if your filter really can do this as it’s generally a bad thing to handle an exception you shouldn’t be handling), in which case the action result will still get executed. If the exception propagates up, the result will not get executed.

IResultFilter

Result filters are pretty much similar to action filters, except they run after the action method has executed, but before the result returned from the action method has been executed. The “before” method is called OnResultExecuting and the “after” method is called OnResultExecuted.

IExceptionFilter

The exception filters are all guaranteed to run after all of the action filters and result filters have run. Even if an exception filter indicates that it can handle the exception, it will still run. This is useful for logging scenarios in cases where you want a filter to always run no matter what happens so it can log exceptions etc…

One interesting thing to note is that exception filters run after result filters. So what can you do from an exception filter? Well we give you one last ditch chance to render something to the user by allowing you to set the action result in the exception filter. If that action result throws an exception, you’re SOL and the exception filter does not handle that exception. Well, you’re not totally SOL. The normal ASP.NET web.config settings for custom errors will kick in if you set them.

Writing Custom Filters

To write a custom filter, you simply need to create an attribute (aka a class that inherits from FilterAttribute) that also implements one of the four interfaces I mentioned.

It turns out that we think the most common case for custom filters will be those that implement IActionFilter and/or IResultFilter. To support the common case, we included a base attribute ActionFilterAttribute, which inherits both of these interfaces. Yeah, the name isn’t exactly accurate, but we tend to think of action filters as really action and action result filters.

For the other two filter types, we did not include a base attribute type for these. To write your own authorization filter, you simply implement IAuthorizationFilter. For example, here’s a filter I wrote the other day which we will probably include in the MvcFutures assembly. Apply this filter to an action and it will perform request validation of potentially insecure input. (Side Note: This validation is on by default in ASP.NET WebForm applications, but not in ASP.NET MVC applications because it’s implemented by the Page class, which runs too late.)

[AttributeUsage(AttributeTargets.Class | AttributeTargets.Method, 
  Inherited = true, AllowMultiple = false)]
public sealed class ValidateInputAttribute : FilterAttribute
    , IAuthorizationFilter {
  public void OnAuthorization(AuthorizationContext filterContext) {
    filterContext.HttpContext.Request.ValidateInput();
  }
}

While we did not include a base attribute for these filters, we did include concrete implementations of these interfaces. For example, the AuthorizeAttribute is a concrete implementation of an authorization filter. You can (er…will be able to) inherit from this attribute if you want, but you can also simply implement IAuthorizationFilter yourself.

Why Four Filter Types?

We debated this a long time. We could have stuck with just the two interfaces: IActionFilter and IResultFilter and handled all cases.

The problem we ran into is that for attributes that perform some sort of authentication check, you want to be absolutely sure it runs before any of the action filters. And it’s very easy to get this wrong by accident even if you know what you are doing.

The type of thing we wanted to avoid was accidentally running the output cache filter before the the authorization filter. That’s a recipe for an information disclosure bug, potentially displaying information to someone who shouldn’t have access to see it such as photos of your hair piece collection (Why do you have so man?). So we decided that there ought to be four distinct filter phases in the life of a controller action: Authorization, Action Execution, Result Execution, Exception Handling.

If you write an authorization filter, it is guaranteed to run before any other action filters.

Keep in mind though, that these phases merely help guide filter writers into doing the right thing. Because the MVC framework is all about leaving you in control, it is still possible to get it all wrong. For example, I could write a custom output caching filter that implements IAuthorizationFilter and thus runs at the wrong time. Please don’t do this. Code responsibly.

Technorati Tags: aspnetmvc,aspnet,action filters

Better URLs With Subtext and Windows Live Writer

Haacked — Wed, 13 Aug 2008 17:05:07 GMT

One feature of Windows Live Writer that Subtext supports is the ability to edit your post slug? What is the URL slug associated with a blog post? What is the URL slug?

Take a quick look in the address bar and you should notice that the URL ends with “editing-post-slugs.aspx”. That bold part is the post slug. It’s a human friendly URL portion that identifies this blog post, as opposed to using some integer id.

For a long time, Subtext had the ability to automatically convert your blog post title into friendlier URLs. However, as with most automatic efforts, there are cases where it falls a bit short.

For example, suppose I started writing the following post with the following title:

When I post it, the URL ends up being a bit ugly, though Subtext does give a good faith effort.

With Windows live writer, there’s a little double hash mark at the bottom that you can click to expand, providing more options. In the Slug: field, enter a cleaner URL.

Now when you publish this post, the URL will end with the slug that you specified.

If you use the Subtext Web Admin to post, we’ve had this feature all along in the Advanced Options section. It’s the Entry Name field (which I think we should call Entry Name Slug since Slug seems to be the standard term for this.

Of course when we come out with our MVC version, we can get rid of that annoying .aspx at the end. :)

Technorati Tags: subtext,windows live writer,wlw

Subtext 2.0 Released

Haacked — Sun, 10 Aug 2008 23:45:00 GMT

It’s been a long time coming, but we are finally ready to release Subtext 2.0. As I mentioned in April (was it that long ago!?), this is scaled down a bit from our original 2.0 plans. But even so, we have a lot of new goodness in here. It’s not just a bug fix release, though there are plenty of those too.

Highlights

With this release, Subtext has top notch support for Windows Live Writer thanks to some check-ins from Tim Heuer.

Enhanced MetaWeblog API implementation to support providing a "slug" URL name for the post. This gives the user the option to use the default URL naming, the "auto-friendly" or now to override that with your own slug name.
Fixed a bug in the SiteMap handler for blogs not hosted at root domains. Would love people to test this out.
Added support for WordPress API functions of: newPage, editPage, getPages, newCategory
Simple modification to the Windows Live Writer manifest to prevent those who think they can future post :-)
Tag-based RSS syndicator

Other highlights

New CSS-Based Admin Design That Makes Better Use of Space
Ability to set a separate skin for mobile devices
Streamlined Installation Process. I tried to remove unnecessary steps and make this more robust.
Support for Enclosures (See Simo’s great post on this for more details)
CSS and JS optimizations (Simo has more interesting details on this).
Setting a date in the future for publishing posts (again, Simo has more details).
Login to your blog using OpenID, as well as use your blog as an OpenId Delegate

Notes for new installations

The install package includes a default Subtext2.0.mdf file for SQL 2005. If you plan to run your blog off of SQL Express, installation is as easy as copying the install files to your webroot. If you’re not using SQL Express, but plan to use SQL Server 2005, you can attach to the supplied .mdf file and use it as your database.

Notes for upgrading

In the app_data folder of the install package, feel free to delete the database files there. They only apply to new installs.

We also include a zip file with just the SQL upgrade scripts. This is sometimes useful for those who run into problems with the upgrade procedure.

Full upgrade notes are on the Subtext project website.

So what’s next for Subtext?

The Subtext team is fired up to get their feet wet using ASP.NET MVC, and I can’t blame them. So at this point, we’re starting preliminary planning work for Subtext 3.0, the next major version of Subtext which will be a ground-up rewrite pulling in as much code from 2.0 along the way of course.

But that doesn’t mean we’re abandoning the 2.0 line immediately. I would expect to see several small incremental releases of the 2.* line even as we start on 3.0 with fires lit under our butts. Subtext 3.0 is in the very early stages of planning taking a long term look into the future.

After all, there’s still a lot of infrastructure decisions to be made, as well as requirements gathering. In what ways do we want to be just like Subtext 2.0? In what ways do we want to completely change the architecture?

Some of the decisions we need to make, just as a start:

Where do we host? Do we stick with SourceForge or go elsewhere?
What data access layer/ORM tooling should we use?
What DI framework do we choose?
What do we use for communication and documentation?
What should our database design look like?
Should we change how we handle multi-tenancy?

In any case, it’s been a fun ride so far, and I hope we can keep our momentum going in producing a great blogging platform for ASP.NET.

And before I forget, here’s the download page link.

Tags: subtext

An Arbitrary Cycle Method For ASP.NET MVC

Haacked — Thu, 07 Aug 2008 16:33:12 GMT

In his Practical Review of ASP.NET MVC, Josh Charles provides a helpful review of ASP.NET MVC from a Rails developer’s perspective. It seemed fair and balanced, and the end result is that there’s room for improvement, which we’re taking to heart.

However, that’s not the part that caught my attention. He mentioned that he wrote a cycle method but couldn’t write it as an extension method to HtmlHelper.

this was an instance method that would take two strings and return the one that it didn’t return the last time it was called. In my templates, I used this to change the classes for each row of data, to give them different background colors. I considered writing an extension method to the Html object used for other Html operations in the view page, but this method specifically required the use of an additional private variable, so that would not work.

If you don’t mind cheating a bit, there is a way to write this as an extension method. And while we’re doing that, why stop at only two strings? Why not take an indefinite number? :)

public static string Cycle(this HtmlHelper html, params string[] strings) {
    var context = html.ViewContext.HttpContext;
    int index = Convert.ToInt32(context.Items["cycle_index"]);

    string returnValue = strings[index % strings.Length];

    html.ViewContext.HttpContext.Items["cycle_index"] = ++index;
    return returnValue;
}

Perhaps allowing an indefinite number of strings is overkill (who ever heard of a table with tri-color highlighting?) but I thought it was fun to do regardless. Here’s an example of usage with three different CSS styles:

<style>
    .first {background-color: #ddd;}
    .second {background-color: khaki;}
    .third {background-color: #fdd;}
</style>

<table>
<% for (int i = 0; i < 5; i++) { %>
    <tr class="<%= Html.Cycle("first", "second", "third") %>">
        <td>Stuff</td>
    </tr>
<% } %>
</table>

And the output...

Stuff

With this, go forth and spread tri-color highlighted tables all over the web. Or if you’re really crazy player, go with four color highlighting!

Technorati Tags: aspnetmvc,helpers,review

Hey Ma, I’m On TV!

Haacked — Wed, 06 Aug 2008 23:39:47 GMT

Recently, Adam Kinney came by my office to interview me for a Channel 9 episode discussing ASP.NET MVC CodePlex Preview 4.

I’ve known Adam for a long time, even before he joined Microsoft. I think we met (in person) at Tech-Ed 2003.

In any case, we talk a bit about ASP.NET MVC and Preview 4, all the while I tried very hard not to put my foot in my mouth. At the end there are some outtakes of me impersonating Scott Hanselman doing an impersonation of Sean Conery. That wasn’t to make fun of Scott, but totally out of love and respect. ;)

On Gaming

In the interview, I mentioned that I used to work at a skill gaming company called SkillJam which is no longer around. We had a tournament engine that allowed users to play games of skill for money. I worked on the back-end technologies such as our mobile gaming infrastructure which was well reviewed by GameSpot.

SkillJam is no longer around as it was bought by FUN Technologies (yes, I literally worked for “Fun” back then) and subsumed into World Winner.

In any case, one of the sharpest coworkers that I worked with there went out on his own to start a new game development company called CasualCafe. This guy was the one who lived in the world of writing low-level C++ code, anti-cheat techniques, and game engines. If you are into the genre of “Casual Games” (such as Bejewelled, Solitaire, etc…) be sure to check it out.

Books on My Shelf

Via Twitter, James Avery was more interested in the books on my shelf than what I was saying (I don’t blame him). In case you were wondering, here’s a partial list:

Facts and Fallacies of Software Engineering Highly recommended look at common myths and facts of software engineering. The facts are supported by research and data.
Code Complete Never leave home without it. Seriously.
Don’t Make Me Think! A classic on web usability.
User Interface Design for Programmers A more general book on usability by Joel Spolsky.
Framework Design Guidelines Love it or hate it, the annotations alone are worthwhile.
Agile Web Development With Rails A bit outdated, but at the time, this helped me immensely getting up to speed at Koders.
Mastering Regular Expressions THE book on regular expressions. It lives up to its title.

There are other books up there, but these are the ones I’ve read cover-to-cover and can recommend.

Technorati Tags: aspnetmvc,books,channel9

What Integrated Circuits Say About Testing Your Code

Haacked — Mon, 04 Aug 2008 18:00:00 GMT

A while back I talked about how testable code helps manage complexity. In that post, I mentioned one common rebuttal to certain design decisions made in code in order to make it more testable.

Why would I want to do XYZ just do improve testability?

Recently, I heard one variation of this comment in the comments to my post on unit test boundaries. Several people suggested that it’s fine to have unit tests access the database, after all, the code relies on data from the database, it should be tested.

Implicit in this statement is the question, “Why would I want to abstract away the data access just to improve testability?”

Keep in mind, I never said you shouldn’t test your code’s interaction with the database. You absolutely should. I merely categorized that sort of test as a different sort of test - an integration test. You might still use your favorite unit testing framework to automate such a test, but I suggest trying to keep it in a separate test suite.

The authors of The Pragmatic Programmer: From Journeyman to Master have a great answer to this question with their comparison to Integrated Circuit's, which have features designed specifically to enable testability.

The “Design For Test” Wikipedia entry refers to name as encompassing a range of design techniques for adding features to microelectronic hardware in order to make it testable. Examples of these techniques show up as early as the 1940s/50s. So designing for testability is not some whiz-bangy latest methodology flavor of the day the crazy kids are doing.

One key benefit to these techniques is that components can be tested in relative isolation. You don’t have to place them into a product in order to test them, though at the same time, they can be tested while within the product.

So in answer to the original question, I’d ask, “Why wouldn’t we design for testability?”

I think this analogy illustrates one reason why I don’t want my unit tests talking to the database (apart from wanting the tests to run fast). Ideally, someone else down the road, new to the project, should be able to get the latest code from source control and run the unit tests immediately without having to go through the pains of setting up an environment with the correct database.

Another benefit of abstracting away the database so that your code is testable and doesn’t cross boundaries is that your code is then not so dependent on a particular database. I used to argue that there’s no need to insulate your code from the particular database that you are using. I’ve never been on a project where the customer suddenly switches from SQL Server to Oracle. That sort of drastic change very rarely happens.

But it turns out that I have been on projects where we switched from SQL Server 6.5 to 7 (and from 7 to 2000 and so on). Upgrades can be nearly as drastic as choosing a different database vendor. Having your code isolated from your choice of database provides some nice peace of mind here.

Tags: IC , Integrated Circuit , TDD , Unit Testing