BusinessRx Community

January 2009 - Posts

• ASP.NET MVC 1.0 Release Candidate Now Available

  Today we shipped the ASP.NET MVC 1.0 Release Candidate (RC).  Click here to download it (or visit www.asp.net/mvc).  It works with both Visual Studio 2008 and Visual Web Developer 2008 (which is free). Today’s RC is the last public release of ASP.NET MVC that we’ll ship prior to the final “1.0” release.  We expect to ship the final ASP.NET MVC 1.0 release next month. In addition to bug fixes, today’s build includes several new features.  It also includes some refinements to existing features based on customer feedback.  Please read the release notes that ship with the ASP.NET MVC download for full details on all changes.  The release notes include detailed instructions on how to upgrade existing applications built with the ASP.NET MVC Beta to the RC. Visual Studio Tooling Improvements The RC includes several new Visual Studio tooling features (above and beyond the existing support in the beta – which I won’t cover here).  These features include: Add Controller Command You can now type Ctrl-M, Ctrl-C within an ASP.NET MVC project, or right-click on the /Controller folder and choose the “Add->Controller” context menu item to create new controller classes: This will cause an “Add Controller” dialog to appear that allows you to name the Controller to create, as well as optionally indicate whether you wish to automatically “scaffold” common CRUD methods: Clicking the “Add” button will cause the controller class to be created and added to the project: Add View Command You can now type Ctrl-M, Ctrl-V within a Controller action method, or right-click within an action method and choose the “Add View” context menu item to create new view templates: This will cause an “Add View” dialog to appear that allows you to name and create a new view (it is pre-populated with convention-based options).  It allows you to create “empty” view templates, or automatically generate/scaffold view templates that are based on the type of object passed to the view by the Controller action method.  The scaffolding infrastructure uses reflection when creating view templates – so it can scaffold new templates based on any POCO (plain old CLR object) passed to it.  It does not have a dependency on any particular ORM or data implementation. For example, below we are indicating that we want to scaffold a “List” view template based on the sequence of Product objects we are passing from our action method above: Clicking the “Add” button will cause a view template to be created for us within the \Views\Products\ directory with a default “scaffold” implementation: We can then run our application and request the /products URL within our browser to see a listing of our retrieved products: The RC ships with a number of built-in scaffold templates: “Empty”, “List”, “Details”, “Edit” and “Create” (you can also add your own scaffold templates – more details on this in a moment).  For example, to enable product editing support we can implement the HTTP-GET version of our “Edit” action method on our Products controller like below and then invoke the “Add View” command: Within the “Add View” dialog we can indicate we are passing a “Product” object to our view and choose the “Edit” template option to scaffold it: Clicking the “Add” button will cause an edit view template to be created with a default scaffold implementation within the \Views\Products\ directory: We can then run our application and request the /products/edit/1 URL within our browser to edit the Product details: To save edit changes we can implement the HTTP-POST version of our “Edit” action method on our Products controller: Notice in the code above how in the case of an error (for example: someone enters a bogus string for a number value) we redisplay the view.  The “edit” and “create” scaffold templates contain the HTML validation helper methods necessary to preserve user input and flag invalid input elements in red when this happens: You’ll rarely end up using a scaffold-created template exactly as-is, and often will end up completely replacing it.  But being able to get an initial implementation up and running quickly, and having an initial view template for your scenario that you can then easily tweak is really useful. Because the scaffold infrastructure supports scaffolding views against any plain-old CLR object, you can use it with both domain model objects (including those mapped with LINQ to SQL, LINQ to Entities, nHibernate, LLBLGen Pro, SubSonic, and other popular ORM implementations) as well as to create scaffolds with custom Presentation Model/ViewModel classes. Adding and Customizing Scaffold Templates ASP.NET MVC’s scaffolding infrastructure is implemented using Visual Studio’s built-in T4 templating architecture (Scott Hanselman has a nice blog post on T4 here).  You can customize/override any of the built-in ASP.NET MVC scaffold template implementations.  You can also create additional scaffold templates (for example: the “ScottGu Crazy Look” scaffold option) and have them be displayed as options within the “Add View” dialog. To customize/add scaffold templates at the machine-wide level, open the “C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\ItemTemplates\CSharp\Web\MVC\CodeTemplates” folder: The “AddController” sub-folder contains the scaffold template for the “Add Controller” dialog.  The “AddView” sub-folder contains the scaffold templates for the “Add View” dialog: The scaffold templates populated within the “Add View” dialog are simply text files that have the “.tt” file-name extension.  These “.tt” text files contain inline C# or VB code that executes when the template is selected.  You can open and edit any of the existing files to customize the default scaffolding behavior.  You can also add new “.tt” template files – like I have above with the “Scott Crazy Look.tt” file.  When you add a new template file the “Add View” dialog will be updated to automatically include it in the list of available scaffold options: In addition to customizing/adding template files at the machine level, you can also add/override them at the individual project level.  This also enables you to check-in the templates under source control and easily use them across a team. You can customize the scaffold templates at a project level by adding a “CodeTemplates” folder underneath your project.  You can then have “AddController” and “AddView” sub-folders within it: You can override any of the default machine-wide templates simply be adding a “.tt” file with the same name to the project.  For example, above we are overriding the default “Controller.tt” scaffold template used in “Add Controller” scenarios.  You can add new view-template scaffold files to the list by placing them within the “AddView” folder.  For example, above we added a “Yet Another Crazy Look.tt” view template to our project.  When we use the “Add View” dialog we’ll now see a union of the templates defined at the machine and project level: Note: When you add “.tt” templates under the \CodeTemplates folder make sure to set the “Custom Tool” property of each of the “.tt” template files to an empty string value within the property grid (otherwise you’ll get an error trying to run it).  You might also need to close and reopen the project to clear a spurious error from the error list.  We’ll be publishing more blog posts that cover creating/customizing scaffolding templates shortly. Go To Controller / Go To View The RC build now supports the ability to quickly navigate between the Controllers and Views within your projects.  When your cursor is within a Controller action method you can type Ctrl-M, Ctrl-G to quickly navigate to its corresponding view template.  You can also perform this same navigation jump by right-clicking within the action method and selecting the “Go To View” menu option: In the example above we used the “Go To View” command within the “Edit” action method of the ProductsController class.  This will cause the \Views\Products\Edit.aspx view template to be opened and have the default focus within VS: Within view templates you can also now type Ctrl-M, Ctrl-G to quickly navigate to the view’s corresponding Controller class.  You can also perform this navigation jump by right-clicking within the view template and selecting the “Go To Controller” menu option: MSBuild Task for Compiling Views By default when you do a build on an ASP.NET MVC project it compiles all code within the project, except for the code within view template files.  With the ASP.NET MVC Beta you had to roll your own MSBuild task if you wanted to compile the code within view templates.  The ASP.NET MVC RC build now includes a built-in MSBuild task that you can use to include views as part of the project compilation process.  This will verify the syntax and code included inline within all views, master pages, and partial views for the application, and give you build errors if it encounters any problems. For performance reasons we don't recommend running this for quick compiles during development, but it is convenient to add to particular build configuration profiles (for example: staging and deployment) and/or for use with Build or CI (continuous integration) servers.  Please review the release notes for the steps to enable this. View Refactoring Support The names of the files and folders under the \Views application sub-folder will now automatically be updated when you perform controller class rename or action method rename using the “Rename” refactoring command in VS 2008.  VS 2008 will apply the standard convention-based naming pattern to existing view files/folders when the Controller class is updated. View Improvements The RC build includes a number of view-specific enhancements that were incorporated based on feedback during the preview releases. Views without Code-Behind Files Based on feedback we’ve changed view-templates to not have a code-behind file by default.  This change helps reinforce the purpose of views in a MVC application (which are intended to be purely about rendering and to not contain any non-rendering related code), and for most people eliminates unused files in the project. The RC build now adds C# and VB syntax support for inheriting view templates from base classes that use generics.  For example, below we are using this with the Edit.aspx view template – whose “inherits” attribute derives from the ViewPage<Product> type: One nice benefit of not using a code-behind file is that you'll now get immediate intellisense within view template files when you add them to the project.  With previous builds you had to do a build/compile immediately after creating a view in order to get code intellisense within it.  The RC makes the workflow of adding and immediately editing a view compile-free and much more seamless. Important: If you are upgrading a ASP.NET MVC project that was created with an earlier build make sure to follow the steps in the release notes – the web.config file under the \Views directory needs to be updated with some settings in order for the above generics based syntax to work. Model Property With previous builds of ASP.NET MVC, you accessed the strongly typed model object passed to the view using the ViewData.Model property: The above syntax still works, although now there is also a top-level "Model" property on ViewPage that you can also use: This property does the same thing as the previous code sample - its main benefit is that it allows you to write the code a little more concisely.  It also allows you to avoid using the ViewData dictionary in cases where you want the view template to only interact with the strongly-typed model passed to it. Setting the Title The default master-page template added to new ASP.NET MVC projects now has an <asp:contentplaceholder/> element within its <head> section.  This makes it much easier for view templates to control the <title> element of the HTML page rendered back – and not require the Controller to explicitly pass a “title” parameter to configure it (which was the default with previous ASP.NET MVC builds and we thought questionable from a responsibilities perspective).  For example, to customize the <title> of our Edit view to include the current product name we can now add the below code to our Edit.aspx template to drive the title directly off of the model object being passed the view: The above code will then cause the browser to render the title using the Product name at runtime: In addition to setting the <title> element, you can also use the above approach to dynamically add other <head> elements at runtime.  Another common scenario this is useful with is configuring model/view specific <meta/> elements for search engine optimization.  Strongly Typed HTML/AJAX Helpers One of the requests a few people have asked for is the ability to use strongly-typed expression syntax (instead of strings) when referring to the Model when using a View's HTML and AJAX helper objects. With the beta build of ASP.NET MVC this wasn't possible, since the HtmlHelper and AjaxHelper helper classes didn't expose the model type in their signature, and so people had to build helper methods directly off of the ViewPage<TModel> base class in order to achieve this.  The ASP.NET MVC RC build introduces new HtmlHelper<TModel> and AjaxHelper<TModel> types that are exposed on the ViewPage<TModel> base class.  These types now allow anyone to build strongly-typed HTML and AJAX helper extensions that use expression syntax to refer to the View's model.  For example: The HTML form helper extension methods in the core ASP.NET MVC V1 assembly still use the non-expression based string syntax.  The “MVC Futures” assembly released today (which works with the RC) has a few initial implementations of expression-syntax based form helper methods.   We are going to iterate on these a bit longer and then consider adding them into the ASP.NET MVC core assembly in the next release.  You can of course also add your own helper methods (using either strings or strongly-typed BLOCKED EXPRESSION.  The built-in HTML/AJAX helper methods can also optionally be removed (because they are extension methods) if you want to replace or override them with your own Form Post Improvements The RC build includes a number of form-post specific enhancements: [Bind(Prefix=””)] No Longer Required for Common Scenarios The RC build no longer requires you to explicitly use a [Bind] attribute (or set its prefix value to “”) in order to map incoming form post parameters that do not have a prefix to complex action method parameters. To see what this means, let’s implement the “Create” scenario for our ProductsController.  We’ll begin by implementing the HTTP-GET version of our “Create” action method.  We’ll do this with code below that returns a View based on an empty Product object: We can then right-click within our action method, choose the “Add View” command and scaffold a “create” view template that is based on a Product: Notice above how our Html.TextBox() helper methods are referencing the “ProductName” and “SupplierID” properties on our Product object.  This will generate HTML markup like below where the input “name” attributes are “ProductName” and “SupplierID”: We can then implement the HTTP-POST version of our “Create” action method. We’ll have our action method take a Product object as a method parameter: With the ASP.NET MVC Beta we would have had to add a [Bind(Prefix=””)] attribute in front of our Product argument above – otherwise the ASP.NET MVC binding infrastructure would have only looked for form post values with a “productToCreate.” prefix (for example: productToCreate.ProductName and productToCreate.SupplierID) and not found the submitted values from our form (which don’t have a prefix).  With the RC build, the default action method binders still first attempt to map a productToCreate.ProductName form value to the Product object.  If they don’t find such a value, though, they now also attempt to map “ProductName” to the Product object.  This makes scenarios where you pass in complex objects to an action method syntactically cleaner and less verbose.  You can take advantage of this feature both when mapping domain objects (like our Product object above) as well as with Presentation Model/ViewModel classes (like a ProductViewModel class). A completed implementation of our Create action method (including basic input type error handling) might look like below: Now our create action will save the Product object if all values are entered correctly.  When a user attempts to create a Product with invalid Product property values (for example: a string “Bogus” instead of a valid Decimal value), the form will redisplay and flag the invalid input elements in red: ModelBinder API Improvements The model binding infrastructure within the ASP.NET MVC Release Candidate has been refactored to add additional extensibility points to enable custom binding and validation schemes.  You can read more about these details in the ASP.NET MVC RC release notes. Model Binders can also now be registered for interfaces in addition to classes.  IDataErrorInfo Support The default model binder with ASP.NET MVC now supports classes that implement the IDataErrorInfo interface.  This enables a common approach to raise validation error messages in a way that can be shared across Windows Forms, WPF and now ASP.NET MVC applications. Unit Testing Improvements The ASP.NET MVC RC includes some significant improvements to unit testing: ControllerContext changed to no longer derive from RequestContext The RC build includes a refactoring of the ControllerContext class that significantly simplifies common unit testing scenarios.  The ControllerContext class no longer derives from RequestContext and now instead encapsulates RequestContext and exposes it as a property.  The properties of ControllerContext and its derived types are also now virtual instead of sealed – making it significantly easier to create mock objects. To see how this helps, let’s consider an action method like below that uses both the “Request” and “User” intrinsic objects: Testing the above action method with previous ASP.NET MVC builds would have required mocking RequestContext and ControllerContext (with some non-obvious constructors that also brought in a RouteData object). With the RC build we can now unit test it like below (using Moq to mock a ControllerContext for our Controller that allows us to simulate the Request.IsAuthenticated and User.Identity.Name properties): The refactoring improvements made help out not just with testing Controller actions – but also help with testing filters, routes, custom actionresult types, and a variety of other scenarios. AccountsController Unit Tests The ASP.NET MVC Project Template included with the RC build now adds 25 pre-built unit tests that verify the behavior of the AccountsController class (which is a controller added to the project by default to handle login and account management scenarios).  This makes refactoring/updating AccountsController easier.  The AccountsController implementation has also been modified to more easily enable non-Membership Provider based credential systems to be integrated. Cross Site Request Forgery (CSRF) Protection Cross-site request forgery (CSRF) attacks (also referred to as XSRF attacks) cause users of a trusted browser agent to take unintended actions on a site.  These attacks rely on the fact that a user might still be logged in to another site.  A malicious Web site exploits this by creating a request to the original site (for example: by linking to a URL on the site using a <img src=””/> element on the hacker site). The request is made using the user’s browser and thus with the user’s authentication token and credentials. The attacker hopes that the user’s authentication or session cookie is still valid and if so, the attacker can sometimes take disruptive action.  You can learn more about this hacking technique here. The ASP.NET MVC RC now includes some built-in CSRF protection helpers that can help mitigate CSRF attacks.  For example, you can now use the Html.AntiForgeryToken() helper to render a hidden input token within forms: This helper issues a HTTP cookie and renders a hidden input element into our form.  Malicious web-sites will not be able to access both values. We can then apply a new [ValidateAntiForgeryToken] attribute onto any action method we want to protect: This will check for the existence of the appropriate tokens, and prevent our HTTP-POST action method from running if they don’t match (reducing the chance of a successful CSRF attack). File Handling Improvements The ASP.NET MVC RC includes a number of file handling enhancements: FileResult and File() helper method The RC build adds a new FileResult class that is used to indicate that a file is being returned as an ActionResult from a Controller action method.  The Controller base class also now has a set of File() helper methods that make it easy to create and return a FileResult. For example, let’s assume we are trying to build a photo management site.  We could define a simple “Photo” class like below that encapsulates the details about a stored Photo: We could then use the new File() helper method like below to implement a “DisplayPhoto” action method on a PhotoManager controller that could be used to render the Photo out of a database store.  In the code below we are passing the File() helper the bytes to render, as well as the mime-type of the file. If we pointed a <img src=””/> element at our action method URL the browser would display the photo inline within a page: If we wanted an end-user to be able to download the photo and save it locally, we could implement a “DownloadPhoto” action method like below.  In the code below we are passing a third parameter – which will cause ASP.NET MVC to set a header that causes the browser to display a “Save As…” dialog which is pre-populated with the filename we’ve supplied: When a user clicks a link to the /PhotoManager/DowloadPhoto/1232 URL they’ll be prompted to save the picture: File Uploading Support The RC build also includes built-in model-binder support for uploaded files and multi-part mime content.  For example, we could have a <form> whose enctype attribute is set to “multipart/form-data” perform a post to the /PhotoManager/UploadPhoto URL.  If a <input type=”file” name=”fileToUpload”/> element was within the form it would cause the file selected by the end-user to be passed to our action method as an HttpPostedFileBase object: We could then use the HttpPostedFileBase object to get access to the raw bytes of the uploaded file, its mime-type, and optionally save it to a database or disk. AJAX Improvements The ASP.NET MVC RC includes a number of AJAX enhancements: jQuery Intellisense Files included within ASP.NET MVC Project Template Newly created ASP.NET MVC projects now include both the standard jQuery library (both full and compressed versions), as well as the –vsdoc intellisense documentation file used by Visual Studio to provide richer intellisense support for it (you can learn more about this here): This enables rich jQuery JavaScript intellisense within client-script blocks and JavaScript files: Today’s RC build ships jQuery 1.2.6.  We are planning to ship the upcoming jQuery 1.3.1 release for the final ASP.NET MVC 1.0 release, and will include an updated JavaScript intellisense file for it.  Request.IsAjaxRequest Property The Request.IsAjaxRequest property can be used to detect whether a request is being sent from an AJAX call on the client (and is useful for scenarios where you want to gracefully degrade if AJAX is not enabled).  The logic within this method was updated with the RC to now recognize the “X-Requested-With” HTTP header (in addition to the form field sent by ASP.NET AJAX).  This is a well known header sent by JavaScript libraries such a Prototype, jQuery, and Dojo – and now enables a unified way to check for AJAX within an ASP.NET MVC request.  JavaScriptResult ActionResult and JavaScript() helper method The Controller base class now has a JavaScript() helper method that returns a new ActionResult class of type JavaScriptResult.  This supports the ability to return raw JavaScript that will then be executed on the client by the built-in ASP.NET MVC helper methods.  This can be useful for scenarios where you want to cause conditional JavaScript to execute on the client based on server logic. Summary We are pretty excited to be in the final “home stretch” of ASP.NET MVC V1.  Please report any issues you find with the RC build as soon as possible so that we can get them resolved for the final release.  The team plans to carefully monitor feedback over the next few weeks, and assuming no big issues come up ship the official V1 build next month. Hope this helps, Scott Posted Tuesday, January 27, 2009 3:13 PM from ScottGu's Blog | 0 Comments Filed under: .NET, ASP.NET, Visual Studio, MVC

• Building a BabyCam

  My wife and I are in the midst of 'sleep training' our daughter, trying our best to get her accustomed to taking adequate naps during the day. This usually involves going through the daytime nap routine, moving her to her crib, and then leaving the room. This is usually immediately followed by crying for a period of time, which we pick up on our baby monitor, but then there is silence, blessed silence! But because our baby monitor is audio only, we are left wondering - is she really asleep or is she just lying there, staring off into space? And if, 45 minutes later, we hear some noises, is that Alice rousing from her nap or is she just shifting around in her sleep? Do we go check up on her and risk waking her from a light slumber? Oh, to be a new parent. If capitalism is to be any guide, it is clear that we are not the only parents who would benefit from a video monitor. There are several video baby monitor models on the market, and there are countless wireless surveillance cameras available, from low-grade wireless web cams to highend, night-vision security cameras that would not look out of place affixed to the exterior of a bank. But what fun is buying something when you can spend half a day jerry-rigging your own solution? If you have a spare computer, a wireless network, and a web cam you can build your own BabyCam! The BabyCam my wife and I built is composed of the following hardware: A spare laptop that was bought circa 2001. A Sony PCMCIA wireless network card that had been previously used with this laptop, as this laptop is so dated that it does not have integrated WiFi support. An old Logitech WebCam 4000 that I picked up a few years back and had sitting in the closet. To get the BabyCam going, simply hook up the web cam to the computer and position them in the baby's room as desired. To broadcast the images captures by the web cam to computers in other rooms (or, potentially, any computer on the Internet), you'll need some software. I use Microsoft Windows Media Encoder 9, which is free and can be downloaded from http://www.microsoft.com/windows/windowsmedia/download/AllDownloads.aspx. Once you have the software installed it's pretty easy to get it going - you set it up to broadcast a live recording, specify the video and audio source, and choose to have the broadcast 'pull from the encoder' (rather than setting up a Media Server). That's all there is to it! Once you've got the broadcast going, you can view it from any other computer in your home network by opening Windows Media Player, going to File --> Open URL and entering the appropriate URL, which, by default, will be http://machineName:8080, although you can configure what port is used for the broadcast. And if you are interested in sharing BabyCam with the world, you will need either a static IP address or a service like DynDNS and then configure your router to properly forward incoming requests on a specific port to the BabyCam computer. There's a great step-by-step guide on setting up the Windows Media Encoder software along with tips on how to open the BabyCam to Internet-wide access at: Setting Up a Live Webcam Feed. Posted Tuesday, January 27, 2009 5:46 AM from Scott on Writing | 0 Comments

• What’s Wrong With This Code? (#21)

  This version of WWWTC is dedicated to closures. We can use closures and functional programming in general to create elegant, succinct solutions, but sometimes we can also create subtle bugs.  Exhibit A. The C# developer who wrote this code expected DoSomething to be invoked with the values 0 through 9, but something is terribly wrong. for (int counter = 0; counter < 10; counter++) { ThreadPool.QueueUserWorkItem( state => DoSomething(counter) ); } What’s the problem? Bonus Round A JavaScript developer is working with the following markup. <div class="header"> <div class="detail">Detail 1 …</div> </div> <div class="header"> <div class="detail">Detail 2 …</div> </div> <!-- and so on--> When the user clicks inside a detail section, the developer wants to change the background color of all the other header sections. Thinking of one way to achieve this behavior, the developer first tests the jQuery not method. $(function() { $(".header").each(function() { alert($(".header").not(this).length); return false; }); }); This code correctly alerts the user once and displays the total number of headers – 1.Emboldened with this proof of concept, the developer puts in the required CSS manipulation and embeds the code into a click event handler. $(function() { $(".header").each(function() { $(".detail", this).click(function() { $(".header").not(this).css("background-color", "red"); }); }); }); Suddenly, things aren’t working and every header section turns red. What went wrong? Posted Tuesday, January 27, 2009 5:30 AM from OdeToCode Blogs | 0 Comments

• Redirecting with the Click of a Button

  Every ASP.NET developer, at some point or another, has created a page with a Button that, when clicked, redirects the user to some other page. This is typically implemented by adding a Button control to the page, creating a Click event handler, and adding a Response.Redirect, perhaps passing along some user input through the querystring. There are two shortcomings with this approach: It involves an extra round trip to the server for the Button postback, which just generates a redirect message. If there is an associated TextBox where the user enters some value and that is transmitted via the querystring, you need to worry about what happens if the user presses the Enter key while focused in this TextBox. There's a postback, most likely, but what Button is considered clicked? This issue becomes more apparent if you have several TextBoxes on a page, each with a Button, that, when clicked, takes the user to some other page passing along the related TextBox's value through the querystring. See Enter and the Button Click Event for a thorough discussion on this topic... The good news is that a jot of JavaScript can help surmount both of these shortcomings. I've created a simple custom server control that packages this JavaScript and behavior into a single, easy to use control, which I call RedirectButton. You can learn more about this control, as well as download the complete source code, at RedirectButton - Redirect Users With the Click of a Buton. Happy Programming! Check out more of my free ASP.NET server controls at My Code Projects page! Posted Thursday, January 22, 2009 8:06 AM from Scott on Writing | 0 Comments

• The Software Cure For A Financial Meltdown

  In my role as amateur financial analyst I like to read the publications taking an in depth look at the current financial turmoil. I then try to imagine the software tool that could have prevented the turmoil and saved the world millions billions trillions gazillions of dollars. This seems like no small feat for software considering the intricate world built by modern financial engineering - a world where terms like “collateralized debt obligation” are tossed around like dice at a craps table. However, I never imagined the answer could be so simple … First, some background. I find the current situation interesting because ten years ago I joined an Internet startup by the name of Ultraprise.com. At Ultraprise, we tried to create an online exchange for the secondary mortgage market. Let’s say you have a bit of money saved and want to buy a house, so you find a bank that will loan you the rest of the money you need to buy the house.The bank could then wait for your to repay your loan over the next 30 years and slowly make money on the interest they charge you, but many banks just want to sell your loan to someone else and receive cash in return. Wikipedia has solid coverage of this process in the Securitization entry. The fresh cash received from the sale of your loan allows the bank to stay liquid and fund more loans. But, to sell the loans the bank needs to find a buyer, and this is where Ultraprise came in. Fannie and Freddie pick up roughly half of the mortgages in the U.S – that is their job, but the rest of the pie is still a substantial amount of debt for sale. At Ultraprise we built a web application for banks to upload pools of loans they wanted to sell. Buyers could then login and bid on the pools. The idea was to cut out the brokers who typically sit in the middle of these transactions and take a cut. Economies of scale meant our fees would be substantially less than the typical fees. Fail Ultraprise was out of business after three years, despite having a substantial number of loans posted in the system. We couldn’t sell loans. Part of the problem was, I think, that the people who buy loans really like the human touch that a broker adds. Rib-eye steaks and martinis sell more products than a dull web page full of numbers. Another problem was getting mortgage data in and out of the system. There was no standard format for pushing mortgage data. Every bank with a loan for sale required a custom import, and every bank looking to buy loans wanted to download data into their custom software for analysis and due diligence. My experience at Ultraprise led me to believe that banks were exceedingly risk averse and highly analytical, and that they required lots of data before making decisions involving millions of dollars. Thus, I was quite surprised to learn that today’s banks have no clue about the cards they are holding. “ … a major stumbling block for banks is having the right data on hand …”  - American Banker “…the reason that banks don’t want to lend to each other anymore is that they don’t trust that the other banks really know the value of their mortgage-backed securities … because they themselves don’t trust the value of their own.” – Aster Data All this secrecy comes in the wake of an economic crisis brought about in part by a proliferation of financial instruments so opaque that virtually no one understood the risks. – USA Today Epic Fail There have been documented changes in the mortgage industry since Ultraprise closed. For example - the lowering of lending standards allowed banks to give more money to people with lower credit scores. However, the outstanding change from my perspective was how those loans were sold to investors. What follows is an extremely gross simplification. As subprime lending increased, the banks found it harder to sell pools of loans. The risks were too high for the big-money conservative investors like pension funds, and the possible rewards were too little for the hedge funds addicted to double digit growth. Thus, the rise of the aforementioned collateralized debt obligation, a.k.a the CDO. The investment banks use CDOs to package mortgages, subprime loans, home equity loans, automobile loans, credit card debt, corporate debt, and used cat litter into products they slice up and sell to investors in private offerings (with the help of strippers, martinis, and appalling judgments by our trusted credit rating agencies).  However, not all of the slices from a CDO are an easy sell (particularly the ones filled with risky loans and cat liter). So … firms will create a CDO squared (CDO^2) from the undesirable slices of multiple CDOs – essentially dressing up pigs with lipstick for the next big investors ball. You can be assured that a CDO cubed (CDO^4) will then arise from the dumping grounds of multiple CDO^2s, and then … well … CDO^N should give you an appreciation of how deep into the rabbit hole an investor can fall. Investment banks issued hundreds of billions of dollars in CDOs over the last 5 years. Why did the risk averse investors, like the banks and the pension funds, stand in line to buy these CDOs and the other credit derivatives that Warren Buffet labeled “financial weapons of mass destruction”? In part because a CDO does a good job of obscuring it’s underlying qualities– the loans, the assets, but most of all the risk. It was all a sales job, and something that an unknown software company could never pull off.  Then How Could Software Help? The $765 million “Mantoloking CDO 2006-1” was underwritten by Merrill Lynch and is the prime example of a “toxic asset”. The Mantoloking, a CDO squared, was built from the unwanted slices of 126 other CDOs, and is perhaps the most infamous CDO because its spectacular losses facilitated the disappearance of at least two hedge funds. You can find the 200 page prospectus online. It’s a lot to digest. In his paper “The Credit Crunch of 2007: What went wrong? Why? What lessons can be learned?”, esteemed financial engineer John C. Hull says transparency is needed. [CDOs] … are arguably the most complex credit derivatives that are traded. Lawyers should move with the times and define these instruments using software rather than words.  Sound familiar? To me it sounds like the software practice of using executable specifications - TDD and BDD for the financial world. No one can hide behind wordy documents and inflated credit ratings. They have to look at real numbers. The only question is - do we write these specifications in C#? Ruby? Haskell? It turns out that Mr. Hull already had a language in mind. You can find it in his paper as footnote #8. Given its widespread use in the financial community VBA is a natural choice for the programming language.  What? A Microsoft Excel spreadsheet with macros might have saved our banks, our brokerage accounts, and our retirement funds? It’s a stretch, but with the proper models in place it’s certainly a step in the right direction. Mr. Hull’s paper has other prescriptions for the finance world, too, as software is only part of the solution. You can never stop anyone who wants to skip due diligence and go directly to short-sighted greed, but I’d like to think that if our industry could make good software more readily available to the business world, the problems we are experiencing today wouldn’t be quite so bad. Posted Thursday, January 22, 2009 12:50 AM from OdeToCode Blogs | 0 Comments

• Announcing Zerk Media

  I have decided that due to The Lounge and Ruby Row doing well and my goals around creating additional networks I am going to form a subsidiary of Infozerk called Zerk Media to focus on the advertising side of my business. I am still working on the official paperwork to get the accounting and business aspects done but I went ahead and put together a simple site and blog. In the past I have blogged about the status of the networks on this blog, but that is going to change and I will be blogging about The Lounge, Ruby Row, and other networks on the Zerk Media blog. I want to blog about each new publisher and advertiser without filling up this blog with that information. I will continue to blog about the technical aspects of building these networks and the infrastructure behind them on this blog as well as any new major announcements. I will also continue to blog about business decisions and ideas on this blog. So if you are interested in continuing to follow how the networks are doing please subscribe to the new blog. -James Posted Tuesday, January 20, 2009 4:54 PM from Infozerk Inc.: averyBlog | 0 Comments Filed under: averyBlog

• Silverlight and the 2009 Presidential Inauguration

  Tomorrow’s presidential inauguration of Barack Obama will be a truly historic event. Silverlight is being used as an enabling technology on several sites that will allow those of us who can’t be there in person to share the experience online. Presidential Inaugural Committee The Presidential Inaugural Committee has worked with iStreamPlanet to enable live and live and on-demand video streaming of the Inauguration events at the official Presidential Inaugural Committee web site: www.pic2009.org. It streamed its first live video on Saturday, with the train ride that took President-elect Obama from Philadelphia to Washington, D.C. The official Inaugural swearing-in ceremony, speeches and parade will also be streamed live online on Tuesday, January 20.   You can read more about the Presidential Inaugural Committee here. CNN and MSNBC with Photosynth CNN and MSNBC are both launching Photosynth viewers that will help capture the Oath of Office experience. They will combine pictures takes from professional photographers with pictures uploaded from people in the crowd to create an interactive Photosynth experience of the event using Silverlight’s built-in DeepZoom feature to deliver an amazing 3D viewing of it. Check out CNN’s and MSNBC’s pages a few hours after viewers send in their pictures of the inauguration crowd, the President-elect’s raised hand, and everything in between. You can learn more about Photosynth and Silverlight from the Photosynth team blog here. This week will be an exciting part of history.  Hope you get a chance to enjoy experiencing it with Silverlight! Scott Posted Monday, January 19, 2009 3:21 PM from ScottGu's Blog | 0 Comments Filed under: .NET, Community News, Silverlight

• Routing and Rewriting

  ASP.NET 3.5 includes a URL routing engine and IIS 7.0 can use a URL re-writing engine (x86) (x64). Routing and rewriting sound very similar, but so do robbing and rewarding – you can’t judge features using phonetics. Ruslan Yakushev wrote a great article on this very topic last year: “IIS URL Rewriting and ASP.NET routing”. Ruslan outlines the conceptual differences between the two URL hacking approaches as: URL rewriting is used to manipulate URL paths before the request is handled by the Web server. The URL-rewriting module does not know anything about what handler will eventually process the rewritten URL. In addition, the actual request handler might not know that the URL has been rewritten. ASP.NET routing is used to dispatch a request to a handler based on the requested URL path. As opposed to URL rewriting, the routing component knows about handlers and selects the handler that should generate a response for the requested URL. You can think of ASP.NET routing as an advanced handler-mapping mechanism. Read the full article and I’ll think you’ll find that routing and rewriting turn out to be complementary pieces. For example, you might use rewriting for request blocking and enforcement of canonical URLs, while at the same time using ASP.NET routing for friendly URLs in your application. One advantage of using the ASP.NET routing engine in that scenario is that you can use all the routing rules to not only route requests, but also generate URLs when you put links on a page. The rewriting rules are opaque to an application. Posted Sunday, January 18, 2009 9:46 PM from OdeToCode Blogs | 0 Comments

• It's Time to go Full-time

  Last week my latest contract wrapped up. It was originally supposed to be a six month contract but ended up going over 18 months. I first went independent and formed Infozerk back in 2004 and since that time I have spent the majority of my time on long-term contracts. The stability of a long-term contract is nice, but sometimes it can feel too much like being a full-time employee. My main issue with this contract was that it was hard to find the time I need to dedicated to The Lounge and Ruby Row to make sure they are doing the best they can. Going forward I am going to avoid both long-term contracts and full-time contracts, but more importantly over the next 2-3 months I am going to focus full-time on The Lounge and Ruby Row (and building other new networks). Over the last 12 months both networks have done very well and while they aren't generating enough revenue to justify quitting consulting completely, my hope is that by focusing full-time I can get to the point where I won't need consulting anymore very quickly. This is slightly contrarian to my normal stance that people should wait to quit their job until their project is generating enough revenue to completely replace their other income (either consulting or full-time job) but I feel strongly that I can't grow these networks and business past their current state without being able to spend all my time on them. I have also had this in mind for quite some time so I have saved money in the business and can continue to pay myself my normal wage for long enough to justify taking this chance. I do feel this is very different from just saving up money and quitting to try out a project that isn't making any money as The Lounge and Ruby Row are making enough to make me feel much more comfortable about quitting. I am incredibly excited to have this chance to focus full-time on this project and really see if I can make it work. Over the next 2-3 months I hope to launch a number of new networks and continue to grow The Lounge and Ruby Row. I am also going to start working on a transition to Amazon EC2 to enable me to continue to grow in the future. I plan on blogging about it every step of the way. -James Posted Sunday, January 18, 2009 6:45 PM from Infozerk Inc.: averyBlog | 0 Comments Filed under: averyBlog

• SQL Tip: Displaying a Padded Number

  A common requirement for reports is to left or right pad a number so that it conforms to a certain format or so that all the numbers in a column are aligned. Padding a string in VB or C# code is a cinch thanks to the String class's PadLeft and PadRight methods. But what if you need to apply the padding directly in your SQL SELECT query? Microsoft T-SQL includes an STR function that takes as input a numeric value and returns a string. You can optionally provide a length, which indicates how many characters the resulting string contains, with the numeric value right-aligned. For example, the statement: PRINT '|' + STR(1, 3) + '|' Outputs: |  1| In other words, the STR function displays the numeric value - 1 - as a string of three characters. Because 1 only requires one character, the first two characters are spaces. If needed, you can use SQL's REPLACE function to replace the spaces with some alternate character. For example, the following left pads the passed in number with 0s. PRINT REPLACE(STR(1, 3), ' ', '0')    -- Outputs 001 In general, you can left pad a number using the following pattern: REPLACE(STR(numberToPrint, totalLength), ' ', 'characterToLeftPadWith') And now a challenge for you, my dear reader: Can you come up with a general pattern for a T-SQL statement for right padding a number? The inputs would be numberToPrint, totalLength, and characterToRightPadWith. Posted Sunday, January 18, 2009 3:10 AM from Scott on Writing | 0 Comments

• Astonishment Principles and Framework Behavior

  The “Principle of Least Astonishment” (a.k.a the principle of least surprise (POLS)) is a guiding design principal for UIs, APIs, and interfaces of all types. Peter Seebach says: Throughout the history of engineering, one usability principle seems to me to have risen high above all others. It's called the Principle of Least Astonishment -- the assertion that the most usable system is the one that least often leaves users astonished. POLS plays a role in framework design, too. One framework behavior that I’ve always felt violated POLS was the ToString implementation of the System.Xml.XmlDocument class. XmlDocument document = CreateSomeXml(); string result = document.ToString(); You’d think that calling ToString on an XmlDocument instance would give you a hunk of XML. But - it doesn’t matter how many nodes you have in the document, the ToString method will happily produce the following string every single time: System.Xml.XmlDocument This string represents the fully qualified type name of the object. Thanks, .NET framework! I wasn’t sure I was working with an XmlDocument. Now tell me, how do I get the XML out of this thing? Take 2 The new XML API in .NET revolves around XElement and friends in the System.Xml.Linq namespace. This API fixes the astonishment factor of the ToString method.  XDocument document = CreateSomeXml(); string result = document.ToString(); That above code yields real XML – angle brackets and all. In fact, LINQ to XML tends to “do the right thing” in many scenarios. For example, extracting an integer out of an attribute is just one cast operator away: XDocument document = CreateSomeXml(); int i = (int)document.Root.Attribute("bar"); Now that we have all the surprises out of the way, we can all get back to work and make the world better. Wait? What’s that? My Expectation – Your Heartache Of course there are a plethora of options you might want to specify when producing a textual representation of an XDocument. There are encoding options, indentation options, new line options – the list goes on and on. You can get to these options with the WriteTo method of an XDocument, but not with ToString. ToString has to pick some defaults. One of the defaults in the ToString implementation is to omit any XML declaration, and this causes some people grief.  Just recently I came across a post in a Ruby form. The topic was a debate over the naming of mathematical functions, and Matz says: Ah, please stop mentioning POLS whenever your personal expectation is not satisfied. I'm sick of them. Trying to follow the principle of least surprise is one thing, but never surprising anyone is impossible. What has surprised you recently? Posted Wednesday, January 14, 2009 11:53 PM from OdeToCode Blogs | 0 Comments

• Taking over the Alt.Net Podcast

  Starting with the next episode I will be running the Alt.Net Podcast. I have been on a number of latest podcasts to slowly transition over and so Mike can show me his workflow on producing the podcasts. I have been helping Mike with sponsorships for the podcast since the first episode and when he mentioned he was thinking of giving up the podcast I volunteered to take it over. I think the Alt.Net podcast has been one of the more positive things in the Alt.Net community and I hope to continue that tradition. I don't have any experience running or producing a podcast so this should be interesting. If you have an idea for a show please drop me an email! -James Posted Wednesday, January 14, 2009 9:56 PM from Infozerk Inc.: averyBlog | 0 Comments Filed under: averyBlog

• App Configuration and Databases

  Jeffrey “Party With” Palermo recently posted on “Separating configuration from data lowers total cost of ownership”: My recommended progressions of configuration locations are as follows.  Specific requirements should be the driving factor that cause you to move configuration from one medium to the next costly alternative. In the code In a file In a database Some other system-specific external configuration store I wanted to call out option #3, which is to put configuration information in the database. Over the years, I’ve heard numerous proposals for putting configuration information in the database. Nearly every proposal has a good counterargument. Putting configuration information in the database is easier. Easier than checking in code? If so, then you might have a problem with your source code repository. More often than not, “easier” means someone is trying to circumvent testing, check-in policies, revision control, or code reviews.These are all things you shouldn't avoid. Our configuration information is very complicated. Complexity isn’t something a database can fix. The configuration will still be complicated, and to make matters worse - it’s now in the database! We need to access configuration values from everywhere. If this is a highly distributed system, then this might be a good argument, but sometimes “everywhere” means “the business logic inside of stored procedures”. There is no reason to make it easier for business logic to sneak into the database. The database should be one of your last choices as a repository for configuration information. Configuration in code is easily tested, versioned, changed, and refactored. As Jeff said – only a specific requirement should drive you to a more costly alternative like the database. Posted Sunday, January 11, 2009 10:59 PM from OdeToCode Blogs | 0 Comments

• Dates and Times - Software's Bane

  I’ve always been amused by date and time problems in software, and in my mind I often juxtapose “real” time against “software” time.  Real time inexorably marches forward, while software time can go forwards, backwards, left, right, and sometimes belly up. Inside this theater of my brain, real world time is played by a dead panning Steve Martin, while software’s interpretation of time is a buffoonish John Candy. You can’t help but laugh at the contrast – it’s a classic comedic recipe. Naturally, I chuckled when last week’s Zunicide turned out to be leap year related. I also giggled at the Pontiac gaff, chortled when I read about crashed DVRs, tittered over the stalled Norwegian trains, and cackled at Cisco’s Kerberos slipup. For non stop laughs I can read the Leap Zine -  a birthday club for anyone born on February 29th. The stories the leap babies can tell are endless. Problems with driver licenses, insurance policies, and rental car companies. The list goes on and on. Some leap babies alter their birth certificates just to avoid the entire mess. Do leap years represent an edge case? That was one of the topics for debate today on Twitter. I don’t believe leap years fall under the strict definition of an edge case, but they are obviously tricky enough that we’ve consistently screwed them up - and it’s not always a laughing matter. In 1996, a leap year bug shut down 660 computers at a New Zealand aluminum smelter and cost the plant over $1 million in repairs. I’m sure they fixed the bug, but I think there is still a problem with their pronunciation of aluminum. It’s 4 syllables, everybody – ah-LOO-meh-num. There are also numerous time bugs in software that aren’t leap year bugs. Remember the Win98 date rollover bug? Ever used software with an inadvertent time bomb? How many glitches exist because of the two digit year? Developers are cursed when it comes to date and time handling. And just when you have it figured out, some government, or Pope goes and changes the rules. Leaps and Boundaries Q: Why shouldn’t the following test pass? [TestMethod] public void A_Name_Would_Give_It_Away() { DateTime almost2009 = new DateTime(2008, 12, 31, 23, 59, 59, DateTimeKind.Utc); DateTime newDate = almost2009.AddSeconds(1); Assert.AreEqual(2009, newDate.Year); } A: Because 2008 included a leap second. Technically, the last second for 2008 on the UTC clock was 23:59:60 (not that any runtime I’ve ever used correctly accounts for leap seconds). If leap years are a minefield for developers – at least they are a predictable minefield. We know when leap years will occur in the future. All we need is the diligence and thought to write some proper algorithms. Leap seconds are a different matter. Q: How many UTC seconds will elapse between now and January 1st, 2012? A: Nobody knows Leap seconds are a periodic adjustment made to UTC time. The IERS announces the need for a leap second in a bulletin they publish every 6 months. Maybe we will have a leap second this year, maybe not. We have millions of seconds elapse in a year, though, does anyone care if we miss just one? Ask the makers of a Motorola GPS receiver that is rumored to be utilized in some fast moving, explosive munitions. If time wasn’t so important to civilization, I think we’d try to circumvent all these problems by just not mixing clocks with computers. Posted Tuesday, January 06, 2009 8:36 PM from OdeToCode Blogs | 0 Comments

• HTTP Redirection Tip

  I'm writing a series of concise montly web development tips over at DotNetSlackers.com. My first tip, published in December, looked at caching data for the lifespan of a request, which is a quick and easy way to improve the performance of data-driven web applications that have pages where the same data is requested multiple times per request. My most recent tip takes a deeper look at HTTP redirection. Every ASP.NET developer is familiar with Response.Redirect, but do you know what happens behind the scenes when you do a Response.Redirect? In a nutshell, it sends an HTTP 302 status back to the client with the redirection URL. The 302 status code is used to indicate that information has temporarily moved; there is another HTTP status code (301) that indicates that a resource has permanently moved. You should use a 301 redirect when using URL rewriting, “retiring” old URLs, or doing a website structure re-org. For more information check out the tip, An In-Depth Look at HTTP Redirection. Posted Monday, January 05, 2009 3:26 AM from Scott on Writing | 0 Comments

• Rails for .NET Developers and the Alt.Net Podcast

  Last year I had the opportunity to be a technical reviewer on Rails for .NET Developers by Jeff Cohen and Brian Eng (of Softies of Rails fame). I haven't done a technical review in a long-time and it wasn't half as painful as I remembered. It helped that the book is well written and an enjoyable read. I definitely think this book is the best place to start for a .NET developer who wants to learn Rails. The book isn't a substitute for reading mainstays like Agile Web Dev with Rails or The PickAxe book, but by reading this book first you would be able to pick up the concepts much easier and quicker. I was also thrilled just to be involved with a pragmatic programmer book, since I am kind of a fanboi, and even ended up with a quote I gave them on the back cover. A couple weeks ago I also did a quick Alt.Net Podcast (more on the podcast later) with Jeff, Brian, and Mike Moore. It was a good time and I think it turned out nicely. -James Posted Friday, January 02, 2009 6:32 PM from Infozerk Inc.: averyBlog | 0 Comments Filed under: averyBlog