Biff's 2005 PDC Newsletter

Technical Content of this issue - 2 out of 5

The Part About Me

I'm staying at the Wilshire Grand. The room is a little small, but functional. The walls are a little thin. I actually changed rooms this morning because there was a group of three guys in the room next door. They weren't "call the desk and complain" loud, but I definitely knew exactly when they got in and exactly when they got up. The hotel did a nice job moving me even though a room was not available at that moment in the morning. When I got back to the hotel this evening, my suitcase as well as a computer cable I had left in the old room were in my room.

My only complaint would be the accuracy of their language. The first night I went down the hall to get a soda from "Ice and Vending" - the sign was completely accurate, except for the "and Vending" part. There is not a soda machine in the whole hotel that I have been able to find. They advertise "Complimentary Wireless High Speed Internet Access Available in Guest Rooms." - which is completely accurate if 6 kb/sec is considered High Speed. I expected slightly faster.

Great service, mediocre facilities - I think they should change the name to the Wilshire Pretty Good. I think the URL is still available.

The Great PDC Blackout of '05

The front part of the Convention Center is essentially all glass and the corridors are all filled with natural light, so when the escalator going up to the second floor was stopped after lunch, I, like any other regular rider of the DC Metro system, assumed it was broken. A few minutes later I overheard the phrase "power's out." Hmmmm. Sure enough, when I got to my presentation hall, which was not filled with natural light, it was apparent that all the power in the building was out. There were a few emergency lights on, but no screens, no mics, no PCs, etc. Everyone came in and sat down anyway and started discussing the situation. The speaker got up and told us that the power was out for at least several blocks and they did not know when it would be back on, but he wanted us to know why we were sitting in the dark. Someone observed we were probably sitting here because it had not yet occured to us to start looting.* (oooh - edgy humor!)

After about 20 minutes the power came back on and the day proceeded. Turns out that workers had connected the wrong two wires somewhere (story). Computer operations were screwed up for a little while longer, with Internet access unavailable from the Convention Center. I heard two guys talking that their ISP was down - in a wonderful illustration of irony their unavailable ISP was named "Web Hosting for Life."

*For everyone that enjoyed the looting joke, I'm sure there are some who thought it in terribly bad taste. First I would point out that bad taste is the motto of this publication, but I would also offer the following verbal apology - here.

Today's Session - Patterns and Practices for Designing Service Oriented Applications

Today's session featured many speakers, but was led by Ron Jacobs, product manager for Microsoft's Patterns and Practices group. This is the group that created that applications blocks and lots of reference materials on the correct way to construct .NET applications. In discussing the origins of the Patterns and Practices group, he admitted that all of the stuff they wrote in the 90's "made it really easy to write the wrong thing quickly. We have to give you some help about the way we think solutions should be built." I'm a big fan of this group and the info and artifacts they provide. The presenters were once again well-prepared and engaging, but the content of the session was again a little thin. It was essentially a combination of several talks.

The first talk was Patterns for Service Orientation by Ron Jacobs. He started off with the four tenets of of Service Orientation (stop me if you've heard these)-

Boundaries are Explicit
Services are Autonomous
Services Share Schema and COntract, not Class
Service Compatibility is Determined by Policy.

Oh...you have heard these, never mind. I get the feeling we are going to hear them alot this week, I guess that's OK, because they are important, but I will stop listing them and refer to them only as TFTOSOA from now on. He spent time talking about 2 Anti-Patterns that tend to screw up early SOA attempts.

The first was CRUD like interfaces, where you set up the contract like you would for a Create, Read, Update and Delete type of application. Problems this leads to are-

Things like iterations end up requiring state in the service - eg - I, as a client, start to iterate through a set of something using a cookie you provide to identify myself. Say I get the first two, then don't come back for a little while. How do you know when it is safe to let me go? How many of these "open iterators" are you willing to keep around?
The interface is likely to be overly chatty - Services are neccessarily the most efficient mode of communication, especially web services. Each request can be expensive from an infrastructure point of view, with security, serializing, etc. and we want to keep the count of interactions to a minimum.

The other anti-pattern he discussed was "Loosey-goosey" interfaces, or interfaces that don't do a good job controlling access to their functionality. The example he used was a service that wraps a database. When a client wants info from the database, the service owner rightfully says, "no way are you hitting my database, you need to go through the service." So far, so good. Then the service owner creates a method called ExecuteSQL that takes a SQL command as an argument. That would be a loosey-goosey interface.

One interesting point he made is that "No solution is 100%" and that you should watch for your data consistency getting corrupted. He suggested a consistency check process that monitors your database to find any inconsistencies as soon as possible, using the analogy of a canary in a coal mine. (how many of you are humming the Police song in your head right now?)

I didn't get alot of the next several talks, so don't have much to say about them. They went over some new patterns that the P and P group were implementing, but they didn't seem particularly useful to me, perhaps I don't have the vision to appreciate them. At one point, they spent an hour discussing something called the Composite Application Block, a fat client that allows the developer to write small UI's for web services that are then all hosted in one window. It was very smart client centered. There was an interesting observation about in the early nineties when we all liked client/server development with code on the desktop, Microsoft called it "Rich Client." Then the web came around and we didn't like that anymore, so we started calling it "Fat Client" as opposed to the preferred "Thin Client." Now, MSFT wants us to go back, so they are calling them "Smart Clients." Perhaps they will change again and in 4 years we will be calling them "Know it all Clients" or "Smart Ass Clients."

The last session was a presentation by a VP from Pacific Life discussing their adventure with SOA. This was the most interesting part of the entire day, both from content and the interesting, interactions with the Microsoft folks on the stage. Points he made-

When exposing external web services, they had problems that not all their clients had knowledgeable .NET, Java or even XML developers to write the calling software. They started getting into the development support business trying to help the dysfunctional teams to successfully call their services. They ended up writing proxies, or compiled components to distribute to their clients that encapsulated the interaction with their services and exposed properties and methods that the client teams were accustomed to. This was the first sign of conflict with the other presenters as this breaks one of TFTOSOA, but as the VP said, "hey, I gotta survive." This is exactly what Verisign does with their credit card processing, they provided NASD with a DLL that we call that then calls their web service. I'm assuming they do this to ensure that the credit card info is encrypted exactly right.
Although they have an Enterprise System Bus (ESB), it is not used in every scenario - some services are called directly. If he did it again he would have every call go through the ESB as right now he has no reliable way of knowing who is a client of which service. Ron Jacobs (MSFT) joked that in that case you just pull the network wire and field the calls to find out, to which the VP replied, "Yeah, that's how they do it at Microsoft."
They used an ESB purchased by Sun in July (I didn't catch the name). If they did it again he would use BizTalk.

The best nervous laughter on stage came when he was discussing how they test with external clients without risking their production environment. Ron quipped that the P and P group just worried about development, they don't worry about test and production, leading to-

VP - "You all don't talk about them much"
Ron - "No"
VP - "Yeah, funny how that works"

(That's when there was the nervous laughter)

Biff's PDC Mailbag

LM from NY writes - "Great pictures from Day 1. I feel like I was right there with you. Looks like an exciting trip to LA. Did you lose weight?"

For those not with us yesterday, Lenore is referring to the PDC Photo Album - updated with even more images today.

LM - Glad you like the pictures. I have not lost weight, but the camera always takes off about 5 pounds for me. I was also wearing black which many people say is slimming. -Ed.

RW from MD writes - "Hey, my take on WSE is that is that it is MSFT's stop-gap implementation of the WS-* specs until Indego [sic] gets here. Once Indego [sic again] does get here...will want you to use Indego [sic yet again]. There is a migration path for WSE to Indego [si...aw, you get the picture] and since Indego is so close and will ship on XP, 2000, 2003 and Vista so I'm not sure why they wasted your time with WSE."

RW - Excellent point. Once Indigo ships WSE will probably be deprecated. However, in 2003 MSFT was saying don't use WSE 2.0 unless you had to, because Indigo was coming and moving might be a problem. Now it is 2005, there is no Indigo and they are about to release WSE 3.0 to production. Yesterday the presenter (not a Softie, but connected) made a reference about probably having another release of WSE for Indigo in the future. Somewhere I'm pretty sure I heard someone claim that WSE would have 5+2 support (5 years, plus another 2 with paid extended support). All this tells me that WSE has a bit of a future and Microsoft is recognizing that after several years of it being the only WS-Security option it must provide a smooth transition, but everything is up in the air. I will try to pin someone down this week to get firmer details on this topic. -Ed.

Tomorrow

Tomorrow the conference truly kicks off with the keynote address by Bill Gates as part of the 3 hour general session in the morning. Wise attendees will not drink alot of coffee as I believe there are no breaks. Following that are numerous breakout sessions where the new stuff really starts.

Biff
Sarbanes-Oxley Compliance Officer, Biff's PDC Newsletter