Tuesday, August 30, 2011

TechEd 2011 Round Up / Summary

I've summarised some of the most interesting/important parts of my TechEd 2011 NZ notes here.

WUX206 - Pimp My App - 3 screens and a challenge

DEV302 Lesser Known Design Patterns

  • Null object pattern - Avoid the ceremony of checking if something is null before using it.
  • Command pattern - An alternative to adding more methods to an interface: create new command objects instead.
  • Object Emancipation - Objects are more than just buckets of information. Give your objects responsibility for managing their own State.
  • State Pattern - Partially change the type of the object by swapping out behaviour based on state.

DEV301 Going Mobile: Any System to any Mobile Device

  • With REST. No URI construction on the client; follow the hyperlinks instead. Dependency on the namespace.
  • With REST. DO NOT define new verbs; use GET, PUT, POST, DELETE

WUX101 HTML 5 Hands On

  • Polyfill - A way to support HTML 5 features in older browsers using JavaScript shims.
    What is a Polyfill?
    A polyfill, or polyfiller, is a piece of code (or plugin) that provides the technology that you, the developer, expect the browser to provide natively. Flattening the API landscape if you will.
  • Rather than UserAgent sniffing, use feature detection with something like Modernizr.

SIM201 Hack-Ed - The Attackers are coming!

  • SQL Injection is still the number one threat to most websites.
    • SQLMAP - a Python script for automatic SQL injection and database takeover
  • Cross Site Scripting (XSS) variations are still a serious issue. They can be weaponized with a server for the hacker to send instructions to the user's browser.
  • Unescaped Twitter feeds can be used for XSS attacks.
  • Local proxies for security testing:
    • Paros - "Through Paros's proxy nature, all HTTP and HTTPS data between server and client, including cookies and form fields, can be intercepted and modified."
    • Burp proxy - "an intercepting proxy server for security testing of web applications. It operates as a man-in-the-middle between your browser and the target application"
  • It's important to check that the authorized credit card amount was the expected amount.

DEV311 A Practical Developer's Introduction to F#

  • A functional language that is native to .NET. It can call and be called by other .NET code.
  • Is well suited for Scientific and numerical computing, Finance, Insurance, Parsers, and Domain Specific Languages
  • Pipeline operator |> makes chaining operators easier to read. Kind of similar to extension methods in C#

DEV309 - Visual Studio vNext Directions

SIM305 - The Attackers are Coming!

  • SQL Injection - As a start, look for calls in SQL to sp_executesql or exec that aren't using parameters correctly.
  • Cross Site Scripting (XSS) - With ASP.NET use HttpUtility or AntiXSS Html and Attribute Encode. Consider the Security Runtime Engine - Safety Net
  • Enforce Session logout server-side rather than just removing the cookie client side
  • Set 'httponly' and 'secure' flags on cookies.
  • Cross Site Request Forgery - ASP.NET - Set the ViewStateUserKey in the OnInit of a base page. Used in addition to the MAC Key to hash the ViewState.
  • Send the following HTTP headers when serving content uploaded by users:
    • Content-Disposition: Attachment
    • X-Download-Options: noopen
    • X-Content-Type-Options: nosniff
    • Content-Type: [mime-type]
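
An added example (not from the session or the original post) of an ASP.NET handler that sends the four headers listed above when serving a user upload. The class name, the `id` query parameter, the upload folder and the "<guid><ext>" file naming are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.IO;
using System.Web;

// Hypothetical handler (illustration only): serves an upload by its server-issued id.
public class UploadDownloadHandler : IHttpHandler
{
    // Assumption: uploads are stored outside the web root as "<guid><ext>".
    private const string UploadRoot = @"D:\AppData\Uploads";

    // Types the server is willing to declare; anything else is sent as opaque bytes.
    private static readonly Dictionary<string, string> MimeTypes =
        new Dictionary<string, string>(StringComparer.OrdinalIgnoreCase)
        {
            { ".png", "image/png" }, { ".jpg", "image/jpeg" },
            { ".pdf", "application/pdf" }, { ".txt", "text/plain" }
        };

    public bool IsReusable { get { return true; } }

    public void ProcessRequest(HttpContext context)
    {
        HttpResponse response = context.Response;
        Guid id;
        // Only a GUID is accepted from the client, so no path can be smuggled in.
        if (!Guid.TryParse(context.Request.QueryString["id"], out id))
        {
            response.StatusCode = 400;
            return;
        }
        string[] matches = Directory.GetFiles(UploadRoot, id.ToString("D") + ".*");
        if (matches.Length != 1)
        {
            response.StatusCode = 404;
            return;
        }
        string name = Path.GetFileName(matches[0]);
        string mime;
        if (!MimeTypes.TryGetValue(Path.GetExtension(name), out mime))
            mime = "application/octet-stream";

        response.ContentType = mime;   // Content-Type: [mime-type], chosen server-side
        response.AddHeader("Content-Disposition", "attachment; filename=\"" + name + "\"");
        response.AddHeader("X-Download-Options", "noopen");
        response.AddHeader("X-Content-Type-Options", "nosniff");
        response.TransmitFile(matches[0]);
    }
}
```

The declared type comes from a server-side allow-list rather than from anything the uploader supplied, and the download name is the server-generated file name. Checking that the caller is allowed to read the file is not shown.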

DEV401 Advanced .NET Debugging

  • WinDBG with the SOS Extension from the .NET framework team can make debugging specific classes of bugs much easier.
  • Memory Leaks
  • Deadlocks
  • Race conditions
  • Dumps from production applications (where it isn't otherwise possible to attach a debugger)

DEV204 Tools I use to improve my development

  • Mindscape Web Workbench - Add Sass, Less & CoffeeScript support to VS2010
  • Web Standards Update for VS2010 - Adds support for HTML5 & CSS 3 to VS 2010 SP1
  • NuGet - Manage common packages and dependencies for your projects
  • Chrome Developer Tools - "Pretty Print" to reformat compressed JavaScript.

DEV306 The WCF Web Community - REST, jQuery and WebSocket

  • Fiddler - a Web Debugging Proxy which logs all HTTP(S) traffic between your computer and the Internet. Fiddler allows you to inspect traffic, set breakpoints, and "fiddle" with incoming or outgoing data.
  • OData is useful in .NET to .NET scenarios
  • RIA Services - OData endpoint that can be queried over LINQ.

DEV312 Getting the most from Visual Studio using Managed Extensibility Framework (MEF)

  • MEF is a framework for creating extensible applications and consuming plug-in parts.
  • Visual Studio 2010 editor extensibility is built through MEF.
  • The VS2010 Find Box is also a command box when prefixed with >
    • > File.CloseAllButThis
    • > File.CopyFullPaths
    • > Tools.GoToCommandLine

DEV308 Visual Studio LightSwitch - Beyond the Basics

  • Submit pipeline
    1. Pre-processing
    2. Process modified entities
    3. Execution – LightSwitch passes all of the changes to the underlying data provider for processing
    4. Post-process modified entities
    5. Post-processing

WUX205 Kick starting your web development with ASP.NET 4.0

DEV303 Making Asynchronous Programming Easy

DEV403 Dynamic and Meta-programming in .NET 4

Online sessions

Breakout Sessions

  • COS302 | Line of Business in the Cloud
  • COS305 | Guidelines and Best Practices for Migrating .NET Web Services to the Azure Platform
  • DBI207 | Trade Me: 0-70 million pages in 0.34 Gigaseconds
  • DBI208 | Project "Crescent" the next level of SQL Server BI Data Visualisation: Demos Galore
  • DBI304 | Building a Mission-Critical High Availability Solution Using AlwaysOn
  • DEV311 | A Practical Developer's Introduction to F#
  • DEV403 | Dynamic and meta-programming in .NET 4
  • DPR202 | Good architect vs. Bad architect (coming soon)
  • DPR209 | Hitchhiker’s Guide To Technical Leadership
  • DYN301 | A Developer's Guide to Integrating Microsoft Dynamics CRM 2011 & SharePoint 2010
  • DYN304 | When CRM 2011 Goes Viral
  • EXL302 | Exchange 2010 High Availability Concepts
  • INO204 | Microsoft Research - Technologies from MSR that YOU can use
  • INO301 | Transforming Our Future Today
  • OSP304 | The SharePoint 2010 Search Service Decoupled
  • SIM201 | 2011 Hack-Ed - The Attackers are coming!
  • SIM302 | Creating a Federated Extranet with ADFSv2 and SharePoint2010 – Notes from the field
  • SIM305 | Hack-Ed - Boost your defences!
  • WCL303 | How to develop a successful Desktop Strategy (Thin, Thick, VDI... )
  • WCL304 | How to secure and manage Consumerisation of IT
  • WPH204 | Windows Phone First Up / All Up
  • WPH305 | Peeking at the Source of a Successful Windows Phone App
  • WSV302 | Get Out of Dodge: Migrating to Windows Server 2008 R2 x64
  • WSV402 | Network Access Protection (NAP) in the Real World
  • WUX207 | Releasing Trade Me's Latest Project
  • WUX208 | Responsive Design - The View of the World Depends on the Glasses I Wear

Other Videos

  • 2011 Tech·Ed New Zealand Keynote
  • Welcome to NZ’s Premier IT Conference – Tech·Ed 2011
  • What is happening in the Hub?
  • End Of Day 1 - 2011 Tech·Ed NZ
  • HP - Principal Sponsor of 2011 Tech·Ed New Zealand
  • TechFest MC- Dai Henwood
  • Interview with Main Act - Fat Freddy's Drop
  • Highlights from TechFest 2011
  • 2011 TechEd New Zealand - Wrap Up
  • Tech Talk Interview with Andrew Ehrensing
  • Tech Talk Interview with Rob Reinauer
  • Tech Talk Interview with Scott Schnoll
  • Tech Talk Interview with the UPT Digital Kids
  • Tech Talk Interview with Steve Smith
  • Tech Talk Interview with Debbie Ireland
  • Tech Talk Interview with Carolyn Chau
  • Tech Talk Interview with Brendon Ford
  • Tech Talk Interview with Team Unite
  • Tech Talk Interview with Eric Chang
  • Tech Talk Interview with Team OneBuzz
  • Tech Talk Interview with Michael Niehaus
  • Tech Talk Interview with Regan Murphy
  • Tech Talk Interview with Dr Nitin Paranjape
  • Tech Talk Interview with Miha Kraljis
  • Tech Talk Interview with Thomas Lewis