JAM for your Web Sandwich

So you have been giving so much Ajax love that you pass more XML than anything else. It is time to lean up your XML usage and get native. What do we call this jungle fever? I personally refer to it as JavaScript Append Method - JAM. You are already using JSON right? Right?? (don't answer just do it) If not, forget all the markup overhead of XML. If you are passing JSON back to the browser, simply JAM your response object on the end of the DOM. Like this:

$.fn.json = function jam( url ) {
var script = document.createElement( 'script' );
script.type = 'text/javascript';
script.src = url;
$('head',document).append( script );
}

Yes that is a jQuery plugin. Even better JAM your JSONP on the end of your DOM.

Is any of this new? No. It is, however, time to revisit the way you are thinking. Ajax was a great buzz word in it's time. Just like the 'Push' of the mid 90's. Reflect if you will on your site, webapp, or Web page. If you have been implementing Ajax, have you spent a lot of time taking advantage of modern JavaScript? Conversely, are you using a snazzy library for doing your Ajax? If the former has been your focus, why not make it your goal to move from XML (a great exchange format for non-web applications) to a more consistent, less verbose approach. Then take your data and just JAM it in a page. If you are using a library. I challenge you to find the fastest library out there. Then look under the hood to see what makes it tick. I bet it is JSON, maybe even JSONP. Heck, I bet it just could be JAM.

This has made my life simpler. In fact I have a nice PQ&J sandwich in the works. I will keep you posted.

ZCE: PHP Samurai For Hire

Zend is getting ready to offer what many have been waiting for: PHP5 Certification tests. Why is this so important? Many people who started on, or who were already using PHP5 saw limited need for a test that focused on PHP4. This was in fact the focus of the only existing Zend PHP certification. Since I take PHP seriously I went ahead and got the Certification, and I intend on taking the PHP5 test as well.

I found several things interesting about the new test. (details here) The first thing that struck me was the section on the differences between PHP4 and PHP5. This may frustrate some who are dead set on being PHP5 purists. The fact of the matter is that there are a lot of examples and code snippits on the internet that are written in PHP4. If you are the type of person who is always looking to program the absolute best, you need to know the difference so you can differentiate between versions of code. Also, so you know what the problem is when one of your people snag some code from the Internet and slap it in an application and it doesn't work quite right. Because you wouldn't do that right?

The rest of the test focuses on several obvious items like OOP and Security. These are some much needed test items. This way a person who claims to be a ZCE5 can be assumed to know at least the basics.

At this point I am still wondering if Zend is addressing the largest issue I see surrounding the Zend Certification Exam. That is employer education. I am working toward becoming an MCSD. Two of the reasons is for respect and higher pay. While people who are Zend customers respect the ZCE and offer compensation higher than most. There are all kinds of companies out there using PHP that don't even know that Zend exists, or that there are Zend Certifications. While this is a marketing issue, if Zend wants the ZCE to really be important they need to fly it on the front of every piece of literature and website and bag of peanuts they hand out. "Put your application in the hands of someone who knows, hire a ZCE today!" should be the mantra of the Zend Enterprise. A ZCE already trusts and uses Zend, it would be good business for them to push the ZCE as PHP samurai for hire.

Programmable Web

This is what people in the know call the next step in web evolution. What does this mean for us programmers? Well, it means a simplifying of server function. More accurately put: it means server portions of applications will need to specialize around the data they are concerned with. No more highly customized data for the UI. This is what is lending itself to DFD (Design First Development). While DFD is a logical future step, it may not be the best design tactic for enterprise applications. As Joseph Moore brings out, it doesnt work well for scale.

Still the UI is coming back into the limelight as the driving force behind applications. My latest project is moving forward because of a nifty JS/CSS/HTML only mockup. Because I started there, I know that I can simplify my server code. I don’t want to say that DFD is the way to go, but sometimes it does help to consider it.

A qote for this week:
"And a word to website designers: Most of the time, most of us aren't looking for an "experience". We're just looking to find stuff. Bear that in mind." - Doc Searls

The Ajax Problem

I wont deny not being inspired by Alex Bosworth and Jeremy Keith, but I think that Ajax has become some what of a problem. As buzzwords go it has gotten way out of hand. There are even debates about what makes an application Ajax. Some say it only needs to use the XHR methods, others say it must pass XML.

Then there are the JSON posers who stick their nose up at the mention of Ajax. Their reasoning that their webapps don't use Ajax, they pass native JSON objects, which are faster. But then when they are asked how they pass data, admit to using XHR. But, they all look down their noses at anyone who uses flat HTML, and wouldn't even scrape their shoes on a site that doesn't use CSS or JS. I read an article in Linux journal Battle of the Ajax Mail Packages. I ask myself why does Ajax have to do with mail?

There are all kinds of buzz words that have gotten attention: Push, real-time, SOAP, DHTML, XML ... and they are all a part of our vocabulary now. At one time or another they all were the basis of hundreds of purchases. I have even been moved to 'sell' a concept with the Ajax buzzword. Ajax is a leap forward in web design, and people are so busy in thinking if the can use Ajax, they don't stop to think if they should.

When do you make an application a fat client? That is a choice I have a hard time making. I can develop faster and add features sooner when it is a web based application. There is no code roll, so I save time in supporting the installer and the application. Although the difference in function to the user isn't much there is more time involved in a client deployment.

This may lead one to think that a client application deployment is more thought out. Maybe you tend to be more careful when you deploy an application this way. Really? I'm not so sure. The same poor choices are made by the same bad decision makers weather it happens fast or slow. The problem there lies in procedure and engineering. "Ajax Applications" seem to be lacking emphasis on this. In fact a application may exists simply because it is just that, what they call an "Ajax Application". I hope we look back on 2005 and 2006 to see that we made the right choices, Ajax or not. Does a good application require Ajax? Is the fat client dead? A good application does not need to stand on buzzwords.
Give me a thought out app or become vaporware!

Your Browser Broke My Webapp

Readying to embark on my first highly JavaScript driven official project, I have been looking for answers to problems I have always had. I want to make this app user proof. One of the problems of single page JS driven “Chubby/Husky/Thick”(take your pick) apps is that most of them are developed without taking the rest of the browser into consideration. I have see many postings about the 'browser causing problems with their web apps'. Huh? The forward and backward buttons are said to break 'Ajax' applications. Isn't it called a 'browser'? It is ment to allow you to navigate documents. I read suggestions to 'build your own back and forward buttons to keep the user from using the ones in the browser'... again, what? I plead with all developers, do the research. Although there is that 'error' part in 'trial-and-error' programming. Usability studies as well as real world examples prove that duplicating controls for similar but not the same functionality cause user confusion. This post and many others. suggested giving web pages the ability to disable back and forward. I shudder to think of the irritating things that would lead to. Being truly trapped on some advertisement that makes you blush. It is clear that at over 20,000,000 hits on Google there are alot of people thinking about it. I read about an interesting hack today that raises a good question, which I will rephrase.

Why fight the browser?

Do you really want to work against the environment your application was designed to run? There are better ways. Like programmatically placing entries in the history of the browser. A good library for incorperating in your tool box is Really Simple History (Tutorial here). There is also proper use of cookies. Also ASP.NET has an interesting way of handleing it in the form of the state string. When not abused, this is an interesting way of handling things. The sad fact of the matter is that more often than not, it is abused. It though, does not directly handle the problem of bookmarks, which may be another subject. Also, there is discussion of a document.save() out there on W3C for discussion. There is an eventual need for the browser to be fully aware of what JavaScript is doing. Maybe it should even save some sort of dom history. IMHO unlimited DOM undo would be my eventual choice, but we will see.

So lets step back for a minute. As programmers we know what is easy. We know what is logical from an operation standpoint. But, what we need to ask ourselves is 'What is logical to the user?' I came across this post. This is the best question you can ask yourself. What has twenty-two years of programming taught me? It doesn't matter what I think about how it should be done. The end product needs to have an interface that users will use. If users knew what programmers new and thought like them, they would just have a bunch of databases out there and a black shell window for a desktop, forever typing in INSERT and UPDATE commands and telnetting from BBS to BBS. Sound like 1989?

So, I am sure someone will have something to say about this, but people see back and forward as undo and redo. Also when you close an application that has unsaved data, it should ask you if you want to save. Granted, not every click or keystroke needs an undo history, but there should be certain actions that a user should be able to undo. But, now, if we are using the back and forward buttons alone for this function, the user may not always logically seek them out for that function.

For those users who have been conditioned to the ways of the JS application, we can offer them what they perceive as additional functionality. That is undo and redo buttons. Hold your email, I do understand this is like what I said to begin with, two sets of buttons that do the same thing. The difference here is that the buttons do not look the same. This way we are seemingly adding a hook to the back and forward events and piping them to undo and redo. The user will think themselves clever if they figure this out. Yet another bonus.

So lets put this into perspective. How would this play out in the real world. Say a user is in your shopping cart. They click on an item thumbnail to see the details on that item. Then they decide to place that item in their shopping basket, and they click 'add to cart' or drag the thumbnail to their cart. Then they decide they don't want it in the cart. What do they do but hit the back button. Your application recognizes this and asks 'Are you sure you want to remove xxx from your shopping basket?' They say yes, and then the user wants to see the list like it was before they clicked on the thumbnail, and they click back again, and the details are closed. All without reloading the whole page.

Does this not seem natural? Actually, it may not to a conditioned web user. But that brings us back to what would happen if an unknowing user did hit back? Until the browsers give us some native way of dealing with this, we have to choose.

Cross Application Authentication (part 2 – The Server)
with Native .NET Forms Authentication


In the first of this series, I explained my troubleshooting process for justifying having two ASP.NET forms authentication applications. We would need one for 1.x apps and one for 2.x apps. We came to the conclusion that the application setup and design was straight forward, but would not work without getting our systems administrator hat out and getting up to our elbows in IIS. In this part of the series we will explain what needs to be done in IIS and your application configuration files to get you up and running with a cross application native ASP.NET forms authentication application.

Before we get down to it, I must acknowledge that this is the basic setup. It will work on a single IIS host. If you are clustering or load balancing this could be a good starting place. So lets get to it.

Simple Setup
There are plenty of documents out there on how to setup IIS and ASP.NET forms authentication. Lets skim over the high points of these documents. Then I will explain the shortcomings.

The first thing you will be told to do is modify your application’s web.config so that it knows where to send users for authentication. Something like this:

<system.web>
…
<authentication mode="Forms">
  <forms loginUrl="/myauth/default.aspx" 
       name=".MYAUTH"
         path="/"
/>
</authentication>
…
</system.web>

Remember our app was called myTestApp (at /testap/) and the authentication application was called myAuth (at /myauth/). The authentication token we were sharing was “.MYAUTH”. Now that we have myTestApp configured for authentication, we need to tell it who needs authenticated. For simplicity’s sake lets just deny everyone who is not authenticated like this:

<system.web>
…
<authorization>
  <deny users="?" />
</authorization>
</system.web>

The “?” means everyone who is not authenticated. This is in contrast with “*” which means everyone. So if this authorization block is in the root web.config for the application it will protect the whole application from unauthenticated users unless in a subfolder with another web.config as was demonstrated Part 1 of this series.

Now that your application needing protected is configured you need to make sure your authentication application is sending signals on the same channel. What do I mean by that? The configuration specified above is expecting a token named “.MYAUTH” to come across from the authentication application. So you need to tell it to use this name since the default is “.ASPXAUTH”. Specifying a unique name is paramount to having more than one authentication application running at the same time in a cross application design.

IIS Setup
Now that the application knows what it is doing IIS needs to know that the application will be taking care of it’s own authentication. How we accomplish this my navigating to the Directory Security tab under the properties of the directory your application in the IIS MMC. It can be found after clicking the ‘Edit’ button under “Anonymous access and authentication control”. “Anonymous access” needs to be enabled, and “Integrated Windows authentication” needs to be disabled, as well as “Basic authentication”.

Show Stopper Caveat
Now this is where most tutorials and documentation will leave you. ‘Have a nice day.’ So why doesn’t the one we just setup work? This after following numerous tutorials and reading numerous articles. Many of them with titles like “Forms Authentication Explained” and “Exposed: ASP.NET 2.0 Forms Authentication Secrets”. I was just waiting to find one that had a free offer to attend some motivational seminar. So we were back to the same problem.

It seemed like .NET wasn’t allowing the application to read the cookie, like it was isolating the applications. So I took a look at my code, everything seemed ok and then I noticed my call to RedirectFromLoginPage() and remembered one of the defaults values for the ‘forms’ element. It was called enableCrossAppRedirects. By default it was set to false “to indicate that forms authentication does not support automatic processing of tickets that are passed between applications on the query string or as part of a form POST”[1].

Was that my problem? It still didn’t work, so was it part of the puzzle? Not directly, but if the profile for a users browser indicated it was not capable of using cookies it could later cause problems.

Backwards Thinking
At this point I needed to ruminate on everything I hand done. Like an old cliché I decided that I needed to come at it from a different angle. Turn it upside down and think about the box. So maybe it is the desired default to prevent a token from passing to another application. So I set out to find out how to prevent this from happening. I found a MSDN article all about protecting forms authentication.

I started combing through the data. In the section talking about methods of encryption I noted an option that contained the phrase “IsolateApps”. The article stated that IsolateApps should be “set to true to ensure a malicious Web application in a shared hosting scenario cannot compromise the authentication mechanism for other applications”[2]. Well that is just silly, I would never pay for hosting that I didn’t own the base domain and thus was only a subdirectory. But I see the obscure possibility. So then how do you set it to “false”. This seemed to be the missing key. I guess if it is not set it would be assumed to be false.

This article stated that the machine.config.comments contains all the defaults for the machine.config. I did not find this line in the .comments file. Fortunately this article linked to an article[3] dealing specifically with the MachineKey element and where to put it.

I added the following line to my machine.config:

<system.web>
…
<machineKey
validationKey=”AutoGenerate”
decryptionKey=”AutoGenerate”
decryption=”Auto”
validation=”SHA1” />
</system.web>

A test, and it was working. My application could see that it was authenticated and how. It could also retrieve the username. There were however no roles associated with my user, which are central to the way some of my apps operate. So now it is time to get coding. The next article will cover the basics of forms authentication on the side of the programmer.

MSDN
[1] Explained: Forms Authentication in ASP.NET 2.0
[2] How To: Protect Forms Authentication in ASP.NET 2.0
[3] How To: Configure MachineKey in ASP.NET 2.0

Cross Application Authentication (part 1 – Trouble Shooting)
with Native .NET Forms Authentication


Where I work we have numerous applications written in .NET planted across our IIS root. Instead of each application authenticating it's users in their own way, we have a central authentication application. Then each application uses a shared dll to interpret this authentication. Up until recently all these applications were written on top of the .NET 1.x framework. When applications started to be written in against the .NET 2.o framework we ran into a few snags. The first part of this post will cover these snags so you can avoid them yourself. This information is taken from authorities resources, which are sited at the end. This is simply the interpretation and real world application of them. There are still some fact holes that I would love to fill. If you find this and can fill in the wonderment, feel free to comment.

Failure To Communicate
You can simply take a 1.x project and open it in Visual Studio (VS) 2005 and follow the wizard. Some would have you believe that the application will then just run without tampering with. Anyone with a any experience will tell you that if that happens you simply aren't in the forest to hear the tree fall, and you are just waiting for the other shoe to do the same.

After some code related problems that I will cover in Part 3, I found that when I tried to login to my application the forms authentication application would not give me any feed back, it would simply postback and refresh. I could purposely mistype my authentication and get the error back that confirmed my actions. This application was also working for many other 1.x applications at this time. This made me conclude that the application was not hearing the authentication token. A quick look at the cookies in Firefox confirmed that the cookie was there.
So was the cookie set properly for the page to be able to read it? I could see that the path on the cookie was ‘/’ and that the host name was correct, but to be sure I fired up Fiddler. After taking a look at the headers being sent to the server I saw that the cookie (we will call it ‘.MYAUTH’) was in fact being sent to the server. This made me wonder if the server was able to read the cookie. I threw together a quick webapp that we will call ‘myTestApp’. It tried to read the contents of the .MYPASPORT cookie. It could not. So I snagged a quick piece of JavaScript to read the cookie and added it to the default.aspx:

<script type="text/javascript">
function readCookie(name)
{
var nameEQ = name + "=";
var ca = document.cookie.split(';');
for(var i=0;i < ca.length;i++)
{
 var c = ca[i];
 while (c.charAt(0)==' ') c = c.substring(1,c.length);
 if (c.indexOf(nameEQ) == 0)
 {
   return c.substring(nameEQ.length,c.length);
 }
 return null;
}
}
</script>

This allowed me to see when the cookie was set.

The Hypothesis
I learned something when I setup my test app. When you are running 1.x code and 2.x code on the same IIS server you must put them in different application pools. This made gave me a hypothesis, that is 1.x apps are not allowed to talk to 2.x apps. A search of MSDN showed me that the preferred way of securing forms authentication is to prevent communication between applications. Also serialization and encryption was completely revamped for v2.0. This added weight to this hypothesis.

Proving What Lacked in Documentation
I looked for specific documentation on this but about the only thing I came across told me that the encryption and serializatoin had changed between 1.x and 2.0. This was emphasized by the error in the application log. It simply told me "Forms authentication failed for the request. reason: The ticket supplied was invalid". While this was enough proof for me, I have business owners I need to justify the deployment to. So to prove this in realworld terms I needed to build an authentication application on 2.x. (This was very easy using the 2.0 built-in authentication controls.) In the web.config I placed the following as instructed in the documentation at MSDN[1]:

<system.web>
<authentication mode="Forms">
<forms name=".MYAUTH06"
loginUrl="default.aspx"
path="/"
enableCrossAppRedirects="true">
</forms>
</authentication>
<authorization>
<allow users="*" />
</authorization>
</system.web>

I added a button that would not use the RedirectFromLoginPage() method but instead simply set the cookie with SetAuthCookieand(), then display that I was authenticated. I also added a means of displaying the cookie information on that page to prove that everything was set and that I could read the information in the intended fashion.

lblStatus.Text = "-" + FormsAuthentication.FormsCookieName + "-";
if (User.Identity.IsAuthenticated)
{
lblStatus.Text += "<br>Authenticated as: " +
      User.Identity.Name;
lblStatus.Text += "<br>From: " +
      User.Identity.AuthenticationType;
}

Then I needed a page that would need authentication in the same app. I created a subfolder and a page that used the same code as above to display the authentication information. Then I made a web.config file in that directory and added the following to it:

<system.web>
<authorization>
 <deny users="?" />
</authorization>
</system.web>

This proved that the application was working on it’s own. I then changed the web.config of myTestApp to look similar to the following:

<system.web>
<authentication mode="Forms">
<forms name=".MYAUTH06"
 loginUrl="/myauth/default.aspx">
</forms>
</authentication>
<authorization>
 <deny users="?" />
</authorization>
</system.web>

This sets the cookie name to key off of the newly defined name and redirect unauthenticated users (signified by ‘users=”?”’) to /myauth/default.aspx. By changing the name of the cookie, the users of the site may have to authenticate twice, but as long as their session is kept alive they can pass between applications without re-entering their credentials.

Now it was time to test. Imagine my dismay when I found that I got the same results. Authentication worked when dealing with the same application, but it seemed to be isolated from the other application. So I started in on the configuration of the server. This is covered in the next post.

Resources
TOOLS
Firefox
Web Developer Firefox Extension
Fiddler

MSDN
[1]Explained: Forms Authentication in ASP.NET 2.0
ASP.NET 2.0 Member/Role Management with IIS: Security and Configuration Overview
ASP.NET 2.0 Member/Role Management with IIS: Implementation

Get Programming for Free

Progress is good. It is now possible to get your dev environment setup for free in just about what ever language you want even on Windows. Lets start with C#. Go get the .NET Framework or Mono (yes even on windows). I am told that mono can compile to a single .exe without framework dependencies. Then you would do best to get an IDE, so grab SharpDevelop2 or MonoDevelop or even Visual Web Developer Express. Then get some cool libs like Atlas(AJAX), NPlot(Graphing) and especially Enterprise Library for .NET Framework 2.0. Then get up to speed with GotDotNet or MonoDocs or the quick start guide for ASP .NET Even get up and running on Oracle.

Oracle too has a way to get up and running for free. Download Oracle XE and SQL Developer. XE comes with a nice web interface for administering all of its aspects called HTMLdb, but at this time it is not available for the Enterprise server, so you would be best off getting used to SQL Developer. Then once you have it going you can drop a WAMP server in and start programming with PHP on the Zend Core for Oracle. Which is now free for Oracle XE.

My favorite way of getting a permanent install of PHP going is WAMP5 install package and management bundle. The version I am running came with Zend Optimizer. Then there are many IDEs to choose from but keep your eye one the Eclipse PHP project. Even though it is young it is moving along swiftly and is backed by Zend. My second favorite free IDE is Magma. IMHO an IDE should have good syntax highlighting, code completion, some sort of code snipit handling and active debugging. HTML-kit does all of those accept the debugging, only because a plugin has not been written yet to my knowledge. It has a highly customizable tool bar and you can download hundreds of pre-built toolbars from the site. Or you can even run PHP on the .NET framework with Phalanger which has Visual Studio integration too.

Speaking of commercial IDEs if you haven't checked out Komoto you should. It is one of the most capable cross language editors (Perl, PHP, Python, Ruby, and Tcl) and the personal edition is very affordable. If you are serious about PHP, Zend Studio is the only way to go. It is the only IDE that matches my above mentioned expectations and then surpassed them with Zend Studio Server and Zend Platform.

Which is the great part thing about programming with OSS now. You start with OSS which is free from licensing fees and then move to enterprise support for PHP, Mono or .NET.

Working with AJAX and Atlas this week. I hope MS is communicating internally so that they understand the limits of IE. When I first used AJAX (or more accurately: misused XHR to get flat text) I came square against the fact that you can not have an active stream open with IE. For instance read a character and then print it to the screen. This has been talked about before but I hope something is going to change with IE7. The other thing I find annoying is the caching that IE performs. If you make the same request over and over, you get the same thing back, over and over, even if the server changes. The best way to get around this is to add some random bits to the end of the request. But that was a couple years ago. Now we use frameworks. Just like IE Atlas is way behind the curve as far as just working. What is my issue? I have a cascading dropdown inside an Atlas panel. The queries take a few seconds, just long enough for you to click and change another dropdown... and low and behold, it stops responding. Oddly enough MajickAjax operates much more sound. I try to push .NET forward, but I still feel that the husky client is best written by hand. Has anyone seen a JASON lib for VS that works well?

ASP - but pay no attention to those other guys.

So with ASP.NET 2.0 you can really see where MS has learned from the other languages. Take for instance that ASP.NET 2.0 encourages you to leave the source on the server so that you can modify it on the fly. Even legacy ASP was better that way. Then what about Ajax? The guys over at '.NET rocks!' said that they have a hard time getting it to work, and when you do they don't want to touch it, for fear it will break. That being said there is a nice script.aculo.us type control set that is available for Atlas. The Atlas Control Toolkit gives some nice 'hood open' controls. Yes, the source is included. Refreshing, yes? This is a throw back to MS idea of community... read: let your employees blog and release code examples. While artificial, it leans in the right direction. The May 4th show talks more about Atlas, giving the impression that Kent Alstad is quite comfortable with Ajax and JavaScript.

They sound fascinated with JSON, and as a relatively new technology I guess that is good. The thing that strikes me funny about all this is that the 'Community' enjoys giving kudos to those who lead the .NET way, but to no one that created the technology they are using, unless though, it comes from the MS camp. The reason I find this funny is everyone in the OSS community especially LAMP are always openly learning and acknowledging other technologies even if they are competitive. For instance, I love to learn from cutting edge camps like RoR. Someday you might find a Google or Amazon built on Ruby. That is how I feel MS is but you will never hear them say RoR or even PHP. Very rarely will you even hear the word Java. So is Microsoft doing business like McDonalds? Marketing like there is no one else in the world. Look where McDonalds is now, a third rate fast food dive. That is, of coarse, unless you live in the Midwest. In that case it is 'da bomb' (which is also new vocabulary in that part of the country). Microsoft fail??? I wouldn't go that far, but who is to say they won't become the next IBM or even Digital.

Try this next time a MS marketer (or IT poser) tries to preach ASP.NET to you. Tell them you have decided to go with RoR because your biggest concern is cross platform user experience.

Why would that be a problem? Because everything Microsoft is doing is pushing toward Avalon. MS has never like the web. Granted they have made some money there, but it is a technology that, as a whole, they haven’t been able to control. The W3C has kept them from forcing everyone to buy into their silo. MS would love to alleviate the consumer from the burden of choice and competitive pricing. This was emphasized to me quite emphatically during the ‘.NET rocks!’ interview with Tim Huckaby. He through around things similar to ‘Everyone will be writing client apps, the web is out of style.’ I really liked it when there was threat of an IE vs. Fire Fox fight presented itself. Tim quickly dismissed it with ‘Only the technically elite use Firefox’. Is that because the captive MS Windows users have no choice, unless they learn to download and install something else? It was reminiscent of another IE discussion about IE7’s lack of support of CSS. The argument was made that there were customers that had developed against the broken support and so they were hesitant about moving forward with support. I like how additional features become a legacy support issue. Trying to cloud the uneducated mind with pointless drivel. Which further reminds me of fixing the ’hydro-coupling in my router cloud’ being the reason for my T1 not passing data.

What is that about history, or sticking your head in the sand? As a developer or simply a consumer, I implore you to pay attention to the other guys and educate yourself on the inner workings. If only enough to make a market jargon free decision.

The training flavor of the week this week is ASP.NET... 2003. Stepping back I really appreciate where VS2005/.NET 2.0 has taken me. What is the point in this WYSIWYG wobber if it doesn't do the repetitive stuff for you. Granted, you would want to build some dlls to minimize your typing if you were stuck with these older versions, but you are already clinging to the MS framework in the first place why should you stucco over their vinyl siding? In the long run it wont stick anyway. So for those of you using 2003 (and can't upgrade) you should go download the Database Access Application Block from MS if you haven't already.

This makes it painfully apparent how one gets caught in the MS 'deploy, upgrade, repeat' cycle that has built their empire.

So what I would like to see is an equivalent project in Mono. A Mono web frame work. I seem to remember seeing something around. If you know where it is let me know. I would bet that the Mono version would be much more keen on using design patterns and actually making things reasonably easy yet powerful that way.

Ok, maybe not so much. Oracle Forms is to interface design as BF is to programming. Sad thing is that a bunch of the office folk attended training so they could add to the quaint collection we already have to support. Encouragement for me to keep my head down and 'forget' all about it.

Oracle Forms... This week I take step into medieval database technology. This will be interesting.

Oracle Revisited

After a my first of three classes on Oracle, I feel refreshed. It is always good to revisit and update your SQL skills. It gives you a chance to update your product knowledge too. With Oracle XE I expect I will be using Oracle more often. Recently I have had some run-in with MS SQL and think less and less of it every day. I hope the latest version strives to embrace the ANSI standards a bit better. I also see where MySQL and Posgress take the good from Oracle and leave off the things that should be left to the programmer. I realized this week that Oracle does a good job of staying just ahead of the curve and satisfies whatever need customers may have, keeping them close to the product. After my first deep lesson on SQL+ I see why there have been so may applicant's that run on the DB alone. While times have changed, I see that Oracle has too. I look forward to getting under the hood of this beast in the next few weeks and refresh the DB grease on my hands.

More: What can PHP learn from C#?

Something to note about ASP.NET is that most of the C# programmers I know that are doing ASP are doing it without server control or the WYSIWYG interface building. Why? Because they understand that those tools are not ready to be trusted. We should acknowledge that WYSIWYG HTML editing has come a long way, especially from the MS camp (remember FrontPage97 markup?). But it still remains the majority consensus that if you build a web page you better know HTML. Even if an experienced person uses a WYSIWYG editor, they still spend time tweaking the HTML. Now days, CSS purists don't build web pages they build unordered lists that later get styled outside the scope of HTML.

Why do I bring this up? There is always the inevitable post that says Zend Studio or whatever PHP editor should have drag and drop control creation like .NET. The simple fact of the matter is that PHP programmers should focus on programming and webmaster should focus on design. Granted, both people need to have knowledge of the other. But the way that .NET handles this is wrong from a web standards perspective. It may be clever from a certain perspective. This does not mean that it is the proper and productive way for building applications. It certainly is not elegant.

Is there a way that this could be done that would be good and proper? Maybe. This is something I think about often. I have not seen it yet. It would require a framework specific representation of such a control. Rather than have a static 'preview' it would be interactive. Right-click and properties or edit. If an IDE wanted to accomplish this, they would need to have some sort of framework to back this sort of thing up on the server side. With the introduction of the Zend Framework, this could be a possibility. The IDE would need to understand whatever template or MVC framework it was dealing with and what code is relevant to what you were looking at. What if Komoto or PHPed incorporated Synfony or Cake, or both? Well now that I said it, I want to see it.

As long as I am talking about IDE features, another framework specific feature would be code generation. .NET has these really grate wizards for creating data objects bound to a specific db table. I really love the concept of Qcodo, and it builds great stub forms and database objects. If you had a project that was a web site, and you had a database browser built in, you could have a wizard that creates your base database object. You could do it Qcodo style or use the Zend_DB classes. If this is already out there, I would love to know. If it isn't, it should be. I have faith in the Eclipse PHP project and expectations for Komoto and Zend Studio.

I understand why IDE creators may be hesitant to bind themselves to a framework, but why bind to one. Make an extensible architecture that allows for more than one. That is another thing to learn from MS, silos have tunnel vision. There are a lot of things I don't like about VS, and I have no control over changing them. Enter #develop. I have some ideas on how to make my bed with MS. Stay tuned.

What can PHP learn from C#?

The first time this question popped into my head, my thought was 'Nothing'. That is, nothing that C# does that PHP does not is necessary. There are a few fun things that C# does that could be entertaining to have in PHP also, but, the fact of the matter is that there is more to learn not to do.

The first thing to be learned from it is: "don't try too much to imitate another programming language." C# picked up most everything, even the bad things, from JAVA. The name space feature is taken to a grotesque level. I realized this when I got a warning from VS that said that a call I made was depreciated. The call I should be using was twice as long and repeated itself three times. The worst thing is that I felt that I was being convinced that it was progress.

The next thing to be learned is that if you build an app like a fat client, it better be one. There is no room for this faking it dance. If I build it like a fat client that runs in a browser, it better be heavy on the JS on the client side. MS tries so hard to embrace, envelop, and rule the web. This isn't going to work unless they actually demonstrate a knowledge and understanding of the technology.

RBYWP

I think I just stumbled across a great new way of programming. You know what XP is, but what about RBYWP (pronounced Ru Boop) ? Run Before You Walk Programming - I guess I am really good at it, or so I am told. It makes sense though. I have all these ideas that I try to force .NET to do. Some work and others just wont. Since I am getting formal training this type of thing isn't too bad because I figure out different behaviors first hand so I remember them better. If I was continuing down this manner of learning I would hit a point where I would be my own worst enemy. This is where I think a lot of programming communities are at, and there is always a portion of a programming community (prog-o-sphere... nah) that will be at this point. Kind of like AOL users - everyone hates them because they do what others have worked hard to do, and they still don't really know what they are doing.

I thought I would take a moment to share my .NET Ajax experience. I have tried several implementations out there. The most obvious being Atlas. It seems to work well, but it isn't overly easy to use. I could get basic functionality when I built my forms with it in mind. The next one I looked at was Ajax .NET Pro. which seems to be even more robust. Unfortunately it is not easy to implement either. I have seen videos of Atlas being as easy to implement as throwing a panel around a controls, but I have yet to make that work. I muked around for a while with these until I decided that I need to find something I could tack onto my current apps, with little fuss. I thought there has to be something that is as easy to implement as Atlas is advertised to be. Where did I arrive but with MagicAjax. Now my first turn-off was the name. Anything in the programming world that calls itself 'magic' is... well, like the silos that are Microsoft and Apple. They would love for you to think they were magic. It is MSVS after all so I poked it into my web.config and onto my controller page, and ...

Have you ever been working on something that you were extremely intent on for hours? Constantly trying different directions, each taking a painful time investment? It is like your grandma searching room to room for a lost pet in a mansion. She frantically runs (or if she is like mine, painfully pulls herself) up and down halls opening door after door, turning each room inside out. Then while on her way to the next room, her pet ambles out into the hall and looks at her like: 'Whats your problem?'

Ya, like that. It just worked. I giggled out loud, which my cube neighbors may have found a little unnerving. At about 6' and 250lb, my mustache bearing unshaven face and Grizzly Adams like demeanor doesn't exactly leave you waiting for when I will giggle next.

The only thing I don't really care for is that I have little control over the calls, and I just end up working with it like it is a fat client, which still goes against my grain. Everthing in it's context, and me with my Rolex.

Domain vs. Scope

Something I find myself fighting is this domain namespace model. You would think it would be a great tool when combined with the intelligence of the IDE. The fact of the matter is that it is more cumbersome than it needs to be. I have come to see that it actually limits my ability when combined with the strong typing. I tried to no avail to get a custom control to pass an event up the page inheritance ladder. I asked a friend who told me that it couldn't be done. Now I am sure there is a work around for this. Maybe creating a message buss that fires global events... or ... Why the hell would I need to do that? So I skipped the whole 'Where do you want to go today? Oh, sorry, you can't go there.' experience and decided to fire an Ajax event from the control that in turn fires a page's event. I can see that there needs to be a balance. I need to have controls over my scope. I just need to figure it out.

I have started using place holders and controller collections. This is a useful concept in the scope of .NET. Especially when coupled with Ajax. I make an Ajax panel with a place holder in it and fire events that change the control on the place holder. It works as a nice little front controller pattern. I haven't figured out how to fire a method of the dynamically loaded control though. Strong typing is my bane. If I could get events to share more freely I would rule my apps. I keep hacking at the C# ASP .NET Chastity Belt. SHE WILL BE MINE!!

So what does it matter?
So what if the .NET community is gated? So what if I have to pay to learn and pay to use others code? Or so you may wonder if you came from you mothers womb with a crisp ten dollar bill in your hand. There may be nothing wrong with paying to keep your place on top. History shows that you can. It also shows that 'Necessity is the father of Invention.' If you need not you want not, so you don't innovate. IBM has found themselves square in that type of place. They see the top of the hill and figure there is no other place to go. Any good hiker knows that over each hill there is another waiting. Sure innovation comes in waves. There are always the new ways of using the new stuff. We will need new ways of doing things, and that will change things.

Take the definition of programmer for instance. Back in the mid '90s we would laugh at a hyper-card expert if they called themselves a programmer. But that is exactly what job descriptions are saying about people who use similar technology. We may not have considered a webmaster a programmer, but nowadays who is to argue with the term. We would be more apt to argue the title Webmaster. With technologies like Rails and TurboGears you can argue that there are a lot of people who have the title, but are nothing more than 'Script Kitties'. Where are the hackers of old? Who is really a programmer?

You see, from the top you think, what does it matter? So you shove your money at a bunch of people who call themselves programmers and you get a webapp that is meant to face thousands of users at any given minute based on Rails. Hay, it is Ajax and uses meta-programming, what do you care? Got a Rolex?

So maybe you just stopped and thought for a moment. Maybe not. The word counterfeit comes to mind. I am not saying that Rails is counterfeit, it has real potential. This is where expertise would tell someone that potential doesn't mean kinetic. If you still don't understand, keep reading.

So how do you figure out what is the real deal and what is faked, as in skill. How do you tell with a dollar bill? You get to know the real thing. If you printed out a one dollar bill on your inkjet and took it into the local department store and tried to pass it off on a full time cashier, you would land yourself in jail. They know the real thing, they handle hundreds every day. So it pays to know the real thing. How do you get to know it? Can you buy such knowledge. You may have been lead to believe this. Take a look at the certification industry. There is real value there, but there is also misplaced trust. Certs say, I have learned to give answers to the right questions. But where real skill comes in is identifying the wrong questions. Like 'Does our website use Ajax?'. Someone who is involved and out there doing what most of us just discuss are the people who are going to say 'That isn't what you need to ask yourself.'

If you would just use the tools given to you. Use them to solve all your problems, you wouldn't be bothered with such questions. Because you wouldn't have access to such technology until about the same time your boss asks about it, and you wouldn't have the opportunity to sound like you know what you are doing. Enter the 'Day Hacker'. People who are required to use technologies like .NET in their day job, but who want to be up on technology, experiment on their off time. They have tried Rails, and they have a box with a LAMP installation with Perl, PHP and Python so they can try out the latest in coding techniques. Some of these have even gone the dark route of experimenting with Mono C# and Gtk.

My point: are they paying to get into these communities? No. These communities flourish because of it. When you step out of the gates into Open Range Programming you find that you are better than the guy who built Atlas. In fact you are as good as the sum of your community. I would put any number of Open Range Programming communities up against MS. When I am using .NET, I am only as good as MS. Why? Because of the idea of job security. MS people feel threatened when you seem to understand what is under the hood. They don't want to tell you what they are doing or how because if you knew you could take their job. Worse yet, they could build a better app. Sure they look at what you are doing if you are willing to share, but if they see where improvements can be made, they keep it 'in-house'. But what if someone knows an even better way? They will never know, because that person wont say either. They 'take care of number one'. What they don't get is no one benefits, no one gains. They are the sum of one. Got a Rolex?

After a week of training and a couple days of hacking at existing code, I think that the transition from 2003 to 2005 shouldn't be made at the same time you are learning. Some of the projects I have are in 2003 and there are significant changes to sites when you open them with 2005.

There are a few positive improvements in 2005 though. One of the nice additions I have found are what are referred to as MasterPages. They seem to be a key template tool. Much more useful than a site theme or the like. MS does a good job of keeping you in the silo by offering just enough tools to keep you struggling with what they give you. I do think the programmers at MS are talented, but I would like to put others tallents to work too.

Here is another difference between .NET and PHP. In .NET you work with what you are given, and make finite mashup pages with these rebuilt controls as the ingredients. With PHP, you make it from scratch or choose a framework that includes control classes. At first consideration you may think that makes .NET the obvious choice. However, for those of us who are familiar with the paradigm that is the web, wonder why we need to forget reality and again think Microsoft's way.

Maybe it is VS that is my irritation at the moment. I still don't think that C# is that bad of a language. Although it too has it's aspects that don't fit to the text based nature of the Web and the dynamic nature of web sites. I guess if you want to understand what I am thinking, apply the 'square-peg-in-round-hole' feeling to Visual Studio. Sure you want to make the user feel like they are using a fat client. If you make the programmer feel that they are building a fat client, you better do all the middle logic for them. What I am getting at is the tool requires the programmer to think the MS way about a concept he already understands. This is may the way that MS wants to go.

Another thing is odd. When I was using VB6 there were all kinds of communities surrounding it and using it with other technologies. The VB6 community offered help and code freely. Never once have I gotten the impression that it is easy to integrate standards or other code with .NET. I would love to tack on a Rico to put it's authors talents to work. I would love to patch into Yahoo, Google, Amazon... As I search around the web, every site I hit, weather MS or not, I feel pushed to become dependent on what is provided by MS or another silo that is dependent on MS. I don't get a feeling of community. There are sites that have tutorials, demos and code but they charge for them. The .NET community is a gated facility where everyone is afraid of violating the covenant and getting shunned if they plant poppies instead of daisies. How does this foster creativity? MS seems to be struggling to keep up with real innovation like AJAX. When they do implement it it is reduced to a bloated featurette like a Market Street Rolex to let you fit in at a coctale party. Well? Do you fit in? That is all that matters right?

Yesterday I ran into something interesting in C#. The ability to make a class iterable and control it with the equivalent of getters and setters. It is kind of hard to explain. If I get a chase later I will post an example. While the almost the same effect can be achieved in PHP it would be a sort of hack. The feature is a bit of a novelty, but it can be practically applied. Although the actual gains would be obscure. A fun feature none the less.

The more I deal with strong typing it seems like less of a desired feature, and more of a hassle. It may make you feel like you are really being particular about the way your code operates, but all the overhead of casting variables back and forth seems like over complication. I especially think that this could be the bain of an online app. I think the Zend Engine was engineered in the right way when it comes to this. The very nature of the web and HTTP is all string/text based. For you to have to cast that to the right type, and then recast it to use it somewhere else in your app seems to be like dancing with a broom. Any performance gains from dealing with smaller variables is lost because you may end up re-casting that variable several times before the cycle ends. I guess this was deemed ok since the overhead really doesn't matter too much in a client app. But who really writes apps that only one person uses at a time?

If a person is writing only web apps, I still think PHP skills are more Ninja like.

A couple days into training have given me some insight, and raised some red flags. One fear I have has to do with the ease of a person to go from developing client only code to developing web interfaces. The project I inherited has a control that really wished it was in a client app. It loads massive amounts of data into a nice little collapsing grid. Which on a desktop app, where you have but a couple of considerations for performance and stability would be nicely at home with the rest of your slapped together VB6 or VBA doodads. However putting a network into the picture, and the nature of the web, this control falls well short of being web worthy. Then if we take into consideration the simplicity of many other database fronteds that exist on the web in a wonderfully simple to use format. Then add to that the availability of actually creating and managing a fat web client with JS, and the whole thing seems so 1991. It reminds me of this VRML chat room I once visited... you get the picture.

So I guess I can complain all I want, but as one of my coworkers pointed out, there needs to be a solution or it is just whining. I admire MS hopping on the bandwagon with their patterns and practices with Enterprise Library. I really thing that taking what they have there and customizing it to fit your business is the way to structure against such problems, but it all comes down to coders not being lazy, and having proper code review in place.

As far as .Net .vs Zend? I have seen a couple things I would like to see in Zend Studio. The fact of the matter remains, I prefer control over being hand fed. I have to agree with Michael over at WebDevRadio and Marcus Whitney at Pro PHP that it really is a different tool, with a different focus. It is less about the language, and more about the tool. It is like the difference between being a painter or a printer. There may be a measure of art to whatever you are doing. You accomplish similar things in different ways. Depending on if you take yourself seriously, you will prefer one over the other, because one will be art to you.

Another day closer to the formal training, and I am a little worried about being board out of my mind. It looks like a class for non OOP programmers. This brings up an interesting point of irritation for me. Why does everyone assume that PHP programmers don't use OOP. I have been using OOP for more than 10 years. Any PHP programmer that doesn't use OOP hopefully isn't building applications of much size.
...
aside:
Oh, but wait, this is the thing that irritates me about an all too large portion of the PHP community: anti-OOP activists. What other programmer community has that? Certainly not the Python community?
...
To most people here in the mid-west 'Professional PHP Developer' is a contradiction in terms. Technology moves slow, so technologies that adapt and move fast are seen as 'flash in the pan' technologies. Like the web. Which wasn't a household word until the 'dot com crash'. You can see where I am going with that. Granted, dialup (when achievable) was mostly the only way to get connected. Even then it was likely to make you want to drive into town and get a book.

So what am I getting at? The biggest turn-off in the direction of C# is the attitude about where I am coming from. I have been programming since before most of these people comprehended what a mouse was in connection with electronics. But before I get too heated, I need to acknowledge that most of them are simply regurgitating the words spoken to them by whatever 'instructor' they had. I say 'instructor' because most have learned from inexperienced 'book readers' who try to impersonate teachers, but just end up regurgitate the words of whatever book they were told to use. At this point you are probably wondering how I learned, and some of you already know. I read. I research. Most of all, I use. I test a knowledge source for validity by putting their words to use. If I see that they speak from experience, and have sound reasoning. I tend to seek their flavor of methodology further, until I dry them up, and I move on to the next source. Usually someone that is really good at what I am trying to learn will quote other good sources for knowledge. Any wise person, not only practices their knowledge, but they take into consideration many sources, so that their wisdom is a sum of all the sources, and not the product of a single mentor , or book-reading-mentor-impersonator as it were.

I have been doing this forever. I will still be doing it after these have failed, and become roofers or managers at Starbux. That, or the rest of them are old enough, they will retire.

So, now that it is out of my system, what about the code? Ajax Magazine pointed me to a great comparison of Ajax frameworks for .NET. I really hope MS pulls their performance out of the gutter when Atlas gets released. What I think I learned from this is that I will need to implement Rico on my own for a minimalist approach. I wonder if I will be able to implement an Ajax backend using a web service? As I toy with Studio, I get the impression that minimalists are something that are rare in the .NET landscape. A lot of the code I find on the web is vacant of grace. Which doesn't mean it is any different from other languages such as PHP. But I guess I will be starting at the same point, muddling through mediocre tutorials and example code to gain a better understanding of the language, so that I can find elegance under my own power. I guess that is what makes me a code snob, and sets us apart from the muddling web designers. Who , drunk with the prospect of programming, seem to find new wrong ways of doing things. But, to whom we owe our lowly public image.

Being a Zend Certified Engineer, and somewhat of a code snob, I was intrigued by the thought of being required to learn C# so that I could adopt support of some applications. I decided to start this blog to record how it goes. I hope to look back and see how I have broadened my horizons.

My first thoughts coming into this is that many out there think of .NET as simply a parallel tool. Either Zeev or Andy said at some pint that .NET is the primary competitor to PHP. From my present perspective, I think that .NET is more of a competitor of Zend. The reason for this thought is that I don't feel that PHP performs as optimized on Windows as the various .NET technologies. I reason that naturally Microsoft works best with Microsoft, which has been one of their problems in the past (although the seem to have realized this).

The other difference I see coming into this is that they use the term 'managed language' often to refer to the .NET landscape. While it may not be what they mean, I hear this as meaning what Linux zellots refer to as 'black box'. Like a car with the hood welded shut, you can drive it and push the buttons or flip the switches, but when it comes down to it you really cant get under the hood. Which, do you really want your grandmother getting in there and playing with wires and hoses? But for those of us code 'mechanics' who drive the web equivalent of the Daytona 500 on a daily basis, there isn't much that can be taken away from a win or loose if we can't look under the hood.

All that off my chest, I can see the advantage to RAD. Like having the bumpers up when bowling, anyone could score a perfect 10 with the major effort swallowing obstacles out of the way. And all that implies... and so it begins.