07 June 2005

SOA: what people said about it

Grady points out SOA is just one partof establishing an enterprise architecture. The solid software engineering is still required.
He also argues that SOA is for 'large grained/low frequency interactions'. This is controversial. As Jim Alateras points out in his blog, B2C sites like ebay, amazon are SOA-ed. SOA brings architectural sound WEB API, it also enables a core infrastructure stack to support multiple channels, such like smart client.

06 June 2005

What Great .NET Developers Ought To Know (Part Four ASP.NET (UI) Developers)

Part Four ASP.NET (UI) Developers (III)
Describe ways to present an arbitrary endpoint (URL) and route requests to that endpoint to ASP.NET.

Explain how cookies work. Give an example of Cookie abuse.
Cookie is a text file has a name, contains a collection of values, and an expiration time. Cookie is planted to client browser by a web server. It contains value that can be used by the server to identify a client later.
Cookie abuse means a web contain provider using cookie to collect personal/demographic information without prior consent from the user and/or use these data in a way without user consent. Here is an example: Doubleclick sued over alleged cookie abuse

Explain the importance of HttpRequest.ValidateInput()?
ValidateInput check the three collections (QueryString, Form, and Cookies) for markup tags to prevent potentially dangerous data like cross site scripting.
If the validation feature is enabled by page directive or configuration, this method is called during the Page's ProcessRequest processing phase. ValidateInput can be called by your code if the validation feature is not enabled. Request validation works by checking all input data against a hard-coded list of potentially dangerous data.
QueryString, Form, and Cookies input data is checked during request validation.

<%@ Page validation="true" /“false” %>

What kind of data is passed via HTTP Headers?
HTTP header metadata (information) about the document (HTML). Standard ones like:

HTTP/1.1 200 OK
Date: Wed, 13 Aug 1997 02:35:50 GMT
Server: Apache/1.2.0
Last-Modified: Fri, 04 Jul 1997 22:18:24 GMT
ETag: "28f7d-810-33bd76b0"
Content-Length: 2064
Accept-Ranges: bytes
Connection: close
Content-Type: text/html

One can also define additional metadata like:
When the browser gets the document, it pretends that there is a header looks like this:
Author: John Doe

Pointers Quick reference to HTTP headers

Juxtapose the HTTP verbs GET and POST. What is HEAD?
HTTP-GET request gets information from a web server. It passes arguements (querystring) as a part of hostname via URL. Total length is limited a few hundred bytes. HTTP-POST request allows a client to send data to the server. The POST method passes all of its parameter data in an input stream, removing the limit of the size of the data. Unlike the GET method, POST is not expected to be safe nor idempotent
The HTTP HEAD method is very similar to the HTTP GET method. The request looks exactly the same as the GET request (except the word HEAD is used instead of GET), but the server only returns the header information.
HEAD is often used to check the following:
The last-modified date of a document on the server for caching purposes
The size of a document before downloading (so the browser can present progress information)
The server type, allowing the client to customize requests for that server
The type of the requested document, so the client can be sure it supports it
Note that HEAD, like GET, is expected to be safe and idempotent.
A practical use of HEAD is to scan massive URLs for validity or search stream files (MP3 search engine) in which we need retrieve only part of a file which contains the descriptor fields (metadata).

Name and describe at least a half dozen HTTP Status Codes and what they express to the requesting client.
1XX: informational:
100: Continue; 101: Switch protocols
2XX: Sucessful:
200: OK; 201 Created; 202 Accepted
3XX: Redirection
300 Multiple Choices; 301 Moved Permanently; 302: Redirect request found;
4XX: Client Error
400: Bad request; 401:Unauthorized; 403: Forbidden; 404: Resource Not Found;
5XX: Server Error
500: Internal Server Error; 501 Not Implemented; 502 Bad Gateway; 503 Service Unavailable.
Hypertext Transfer Protocol -- HTTP/1.1 RFC 2616 Fielding, et al. Status Code Definitions

How does If-Unmodified-Since work? How can it be programmatically implemented with ASP.NET?
The If-Unmodified-Since request-header field is used with a method to make it conditional. If the requested resource has not been modified since the time specified in this field, the server SHOULD perform the requested operation as if the If-Unmodified-Since header were not present.

Tracking and Resuming Large File Downloads gives a nice clean example on a file download HttpHandler implementation. In the ProcessRequest method it checks HTTP headers to decide the download status.
ElseIf Not CheckIfUnmodifiedSince(objRequest, _
objFile) Then
' The entity was modified since the requested
' date...
objResponse.StatusCode = 412 ' Precondition failed

Private Function CheckIfUnmodifiedSince(ByVal objRequest As HttpRequest, ByVal objFile As Download.FileInformation) As Boolean
Dim sDate As String
Dim dDate As Date
Dim bReturn As Boolean

' Checks the If-Unmodified or Unless-Modified-Since header, if
' one of them was sent with the request.
' Returns True, if the file was not modified since the
' indicated date (RFC 1123 format), or
' if no header was sent,
' returns False, if the file was modified since the indicated date
' Retrieve If-Unmodified-Since Header value from Request (Empty if none is indicated)
sDate = RetrieveHeader(objRequest, "If-Unmodified-Since"
, String.Empty)

If sDate.Equals(String.Empty) Then
' If-Unmodified-Since was not sent, check Unless-Modified-Since...
sDate = RetrieveHeader(objRequest, HTTP_HEADER_UNLESS_MODIFIED_SINCE, String.Empty)
End If
If sDate.Equals(String.Empty) Then
' No date was indicated,
' so just give this as True
bReturn = True

End If
Return bReturn
End Function

Pointers Quick reference to HTTP headers Tracking and Resuming Large File Downloads

What Great .NET Developers Ought To Know (Part Four ASP.NET (UI) Developers)

Part Four ASP.NET (UI) Developers (II)

Give an example of how using an HttpHandler could simplify an existing design that serves Check Images from an .aspx page.
Scot Hanselman himself got something to say on A Boilerplate HttpHandler.
Just like .aspx page is an HttpHandler that handles Http Request:

// System.Web.UI.Page
public class Page : TemplateControl, IHttpHandler

<add type="System.Web.UI.PageHandlerFactory" path="*.aspx" verb="*">

You can implement your own HttpHandler to return other MEMI type (image, download file, pdf etc) to browser. The register your HttpHandler in the web.config (or you can register it in machine.config or IIS Application Configuration properties page if implements IHttpHandlerFactory)
//my HttpHandler
public class MyHandler : IHttpHandler{…}
<add type="Namespace.MyHandler.New, MyHandlerAssemblyName" path="MyHandler.New" verb=" GET, PUT, POST ">

MyHandler implementation (primarily in ProcessRequest)should cater following steps:
1 Setting context.Response.StatusCode
2 Setting context.Response.ContentType = "somespecific/mimetype"; (e.g. Image/jpg)
3 Setting context.Response

What kinds of events can an HttpModule subscribe to? What influence can they have on an implementation? What can be done without recompiling the ASP.NET Application?
An HttpModule implement IHttpModule:
public interface IHttpModule{
void Dispose();
void Init(HttpApplication context)

HttpModules are hooked into the Http request pipeline via entry like this in web.config:
<add type="classname,assemblyname" name="modulename"><remove name="modulename">

The ASP.NET runtime calls the module's Init and Dispose methods. Init is called when the module attaches itself to the HttpApplication object and Dispose is called when the module is detached from HttpApplication. The Init and Dispose methods represent the module's opportunity to hook into a variety of events exposed by HttpApplication.

As can be seen from the above config settings, without recompile the asp.net app, you can remove one or more HttpModules.

An HttpMoudle can subscribe to following events:
AcquireRequestState When ASP.NET acquires the current state (for example, session state) associated with the current request.
AuthenticateRequest When a security module has established the identity of the user
AuthorizeRequest When a security module has verified user authorization
BeginRequest When the first event in the HTTP pipeline chain of execution responds to a request
Disposed When ASP.NET completes the chain of execution when responding to a request
EndRequest When the last event in the HTTP pipeline chain of execution responds to a request
Error When an unhandled exception is thrown
PostRequestHandlerExecute When the ASP.NET handler (page, XML Web Service) finishes execution
PreRequestHandlerExecute Just before ASP.NET begins executing a handler such as a page or XML Web Service
PreSendRequestContent Just before ASP.NET sends content to the client
PreSendRequestHeaders Just before ASP.NET sends HTTP headers to the client
ReleaseRequestState After ASP.NET finishes executing all request handlers; also causes state modules to save the current state data
ResolveRequestCache When ASP.NET completes an authorization event to let the caching modules serve requests from the cache, bypassing execution of the handler (the page or XML Web Service, for example)
UpdateRequestCache When ASP.NET finishes executing a handler in order to let caching modules store responses that will be used to serve subsequent requests from the cache

A sample HttpModule class:

// This module, named HttpModules.CS will be compiled
// into an assembly named HttpModules.dll
// config entry:
// <add type=" HttpModuleExamples.CustomHttpModule, HttpModules.dll" name=" CustomHttpModule">

using System;
using System.Web;

namespace HttpModuleExamples {
public class CustomHttpModule : IHttpModule {
// IHttpModule members
public void Init(HttpApplication httpApp) {
httpApp.BeginRequest +=
new EventHandler(this.OnBeginRequest);

httpApp.EndRequest +=
new EventHandler(this.OnEndRequest);

public void Dispose() {
// Usually, nothing has to happen here...

// event handlers
public void OnBeginRequest(object o, EventArgs ea) {
HttpApplication httpApp = (HttpApplication) o;
HttpContext ctx = HttpContext.Current;
ctx.Response.Write("Beginning Request

public void OnEndRequest(object o, EventArgs ea) {
HttpApplication httpApp = (HttpApplication) o;
HttpContext ctx = HttpContext.Current;

ctx.Response.Write("Ending Request

Pointer: HTTP Modules

Explain <@OutputCache%> and the usage of VaryByParam, VaryByHeader, VaryByCustom?
<@OutputCache%> Declaratively controls the output caching policies of an ASP.NET page or a user control contained in a page. Cached page/control is placed in memory.
VaryByParam: Different versions of the page are stored based on the query string values.

If there are one thousand different ids are queried in 30 sec, there will be one thousand pages cached. On the other hand queries page.aspx?id=1, page.aspx?id=1&Num=1, and page.aspx?id=1&Num=2 will receive the same cached page.
VaryByHeader: Different versions of the page are stored based on the specified HTTP header values.

Four requests arrive for the page with the following Accept-Language headers: 1) de-lu; 2) en-us; 3) fr; 4) en-us, three cached pages is created and the second en-us request reads from cache.
VaryByCustom: Different versions of the page are stored based on browser type and major version. Additionally, you can extend output caching by defining custom strings.

Then override the HttpApplication.GetVaryByCustomString method in the Global.asax file. This string is built by you and used as a key to store and retrieve a cached version of your page. The key can be anything and build from anything. You can create a composite key from other pieces of information available to you like cookies, user-languages, browser capabilities, whatever.

public override string GetVaryByCustomString(HttpContext context, string arg){
if(arg.ToLower() == "mycustomstring"){
HttpCookie cookie = context.Request.Cookies["ID"];
if(cookie != null)
return cookie.Value;
return base.GetVaryByCustomString (context, custom);

Pointer: Advanced ASP.NET Caching and AddValidationCallBack Improving ASP.NET Performance

How would one implement ASP.NET HTML output caching, caching outgoing versions of pages generated via all values of q= except where q=5 (as in http://localhost/page.aspx?q=5)?
Use AddValidationCallBack It provides a mechanism to programmatically check the validity of a item in the cache before the item is returned from the cache. Before the response is served from the Web server cache, all registered handlers are queried to ensure resource validity. If any handler sets a flag indicating that the resource is invalid, the entry is marked invalid and evicted from the cache. The request is then handled as if it were a cache miss.
Pointer: Advanced ASP.NET Caching and AddValidationCallBack MSDN AddValidationCallBack

When can I safely set the EnableViewState property to False?
Pointers: Understanding ASP.NET View State
View state is only need when you need to remember state across postbacks.
For a Web page that has a read-only DataGrid, you'd definitely want to set the DataGrid's EnableViewState property to False. You can even create sortable and pageable DataGrids with the view state disabled.

The DataGrid stores its contents in the view state so the page developer doesn't need to rebind the database data to the DataGrid on each and every page load, but only on the first one. The benefit is that the database doesn't need to be accessed as often. If, however, you set a DataGrid's EnableViewState property to False, you'll need to rebind the database data to the DataGrid on both the first page load and every subsequent postback.

Using cookieless sessions is that the session state is lost if an absolute URL is invoked(Underpinnings of the Session State Implementation in ASP.NET)
The context:
Suppose that you request a page at the following URL:

What is really displayed in the browser's address bar is slightly different and now includes the session ID, as shown here:

When instantiated, the session-state HTTP module checks the value of the cookieless attribute. If true, the request is redirected (HTTP 302) to a modified virtual URL that includes the session ID just before the page name. When processed again, the request embeds the session ID. If the request starts a new session, the HTTP module generates a new session ID and then redirects the request. If the request is a postback, the session ID is already there because postbacks use relative URLs.

The problem:
The drawback of using cookieless sessions is that the session state is lost if an absolute URL is invoked. When cookies are used, you can clear the address bar, go to another application, and then return to the previous one and retrieve the same session values. If you do this when session cookies are disabled, the session data is lost. For example, the following code breaks the session:
<a href="/code/page.aspx" runat="server">Click</a>

The solution:
If you need to use absolute URLs, resort to a little trick and manually add the session ID to the URL. You use the ApplyAppPathModifier method on the HttpResponse class.
<a runat="server"
href=<% =Response.ApplyAppPathModifier("/code/page.aspx")%> >Click</a>

The ApplyAppPathModifier method takes a string representing a URL and returns an absolute URL, which embeds session information. For example, this trick is especially useful in situations in which you need to redirect from a HTTP page to an HTTPS page.

What Great .NET Developers Ought To Know (Part Four ASP.NET (UI) Developers)

This is getting longer and longer. Some questions are rather like a small insight reseach than a simple Q&A. I will re-org some of them later to be a stand alone post.

Part Four ASP.NET (UI) Developers (I)

Describe how a browser-based Form POST becomes a Server-Side event like Button1_OnClick.
In Web server controls, certain events, typically click events, cause the form to be posted back to the server. An event is a message, "Button1_Click". The binding between the event message and a specific method — that is, an event handler — is done using an event delegate. In the following code snippet, an (object of) event delegate EventHandler is instantiated, it binds the event handler - btnNext_Click method to the event btnNext.Click (message).

// the binding
private void InitializeComponent(){
this.Load += new System.EventHandler(this.Page_Load);
this.btnNext.Click += new System.EventHandler(this.btnNext_Click);
// an event handler
private void btnNext_Click(object sender, System.EventArgs e){}

What is a PostBack?
Postback means a web page (contains web request) is submitted to itself on the web server. ASP.NET page object model uses PostBack on event handling.

What is ViewState? How is it encoded? Is it encrypted? Who uses ViewState?
VIEWSTATE is a set or string of encoded data stored in a hidden form field to to preserve data between round trips to and from the server. ViewState automatically preserves property values of the page, and the values of all controls on the page, between round trips. Data stored in VIEWSTATE is base-64 encoded.
Pointers: Understanding ASP.NET View State

What is the <machinekey>element and what two ASP.NET technologies is it used for?
Machine Authentication Check(MAC): Machine authentication checks are designed to ensure that the data received by a computer is the same data that it transmitted out. This can be done by using <machinekey>.
<machinekey>configures key to use for encryption and decryption of forms authentication cookie data and view state data, and for verification of out-of-process session state identification. This section can be declared at the machine (machine.config), site, and application levels (web.config), but not at the subdirectory level.
<configuration><system.web></a><machinekey validation="SHA1\\MD53\\DES" decryptionkey="AutoGeneratevalue[,IsolateApps]" validationkey="AutoGeneratevalue[,IsolateApps]">

What three Session State providers are available in ASP.NET 1.1? What are the pros and cons of each?
<sessionState mode="InProc StateServer SQLServer />

InProc Session values are kept as live objects in the memory of the ASP.NET worker process (aspnet_wp.exe or w3wp.exe in Microsoft® Windows Server™ 2003). This is the default option.
Pros: Fastest. Cons: Not scalable (web garden/farm); performance hit as memory required, state lives short, less robust.

Pros on out-of-proc: fully scalable; state lives longer; protected against IIS and ASP.Net failure; Cons: Slower than InProc due to serialization and de-serialization to/from storage medium. StateServer add at least 15%, SQLServer add at least 25% performance drop compares to InProc).

StateServer Session values are serialized and stored in the memory of a separate process (aspnet_state.exe). The process can also run on another machine.
Pros: fastest Out-of-Proc solution; easy administration. Cons: not as fast as InProc; not as robust as SQLServer.

SQLServer Session values are serialized and stored in a Microsoft® SQL Server™ table. The instance of SQL Server can run either locally or remotely.
Pros: more robust than StateServer.
Cons: Slowest.
Pointers: Underpinnings of the Session State Implementation in ASP.NET

What is Web Gardening? How would using it affect a design?
The ASP.NET process model helps enable scalability on multiprocessor computers by distributing work to several processes, one per CPU, each with processor affinity set to its CPU. This technique is called Web Gardening. This technique is particularly useful for applications that rely extensively on external resources, for example: slow database server or calls COM objects that have external dependencies.

Web gardening is not suitable for heavy stateful applications. Web gardening enables multiple worker processes (one per CPU participating in the web garden) to run at the same time. All processes will have their own copy of application state, in-process session state, ASP.NET cache, static data etc, and all that is needed to run applications. The more stateful applications are, the more they risk to pay in terms of real performance of web gardening.

Beyond the questions:
The Web garden model is configurable through the <processmodel>section of the machine.config file.

Notice that the <processmodel> section is the only configuration section that cannot be placed in an application-specific web.config file. This means that the Web garden mode applies to all applications running on the machine.

However, by using the &l;tlocation> node in the machine.config source, you can adapt machine-wide settings on a per-application basis.
<processmodel webgarden="[truefalse]" cpumask="[bit mask]">

Pointer: The ASP.NET HTTP Runtime
Given one ASP.NET application, how many application objects does it have on a single proc box? A dual? A dual with Web Gardening enabled? How would this affect a design?
The term ‘Application object’ is vague here. If we are talking about ASP.NET worker process (aspnet_wp.exe or w3wp.exe) it is one per CPU. On a Dual CPU box without enabling web gardening, it is still one worker process. If web gardening is enabled for all CPUs, one worker process is created per CPU.

If we are talking about HttpApplication object here, it has nothing to do with number of the CPUs in a box. ASP.NET worker process creates a number of AppDomains, isolated by the virtual directory or web application. Each AppDomain has an HttpApplication object pool. An individual HttpApplication object is created to handle each simultaneous HTTP request. However number of the objects in the HttpApplication pool is not configurable. Neither number of AppDomains (sure too many active web apps on a box will slow it down).

Pointer Building Secure ASP.NET Applications: Authentication, Authorization, and Secure Communication

Are threads reused in ASP.NET between reqeusts? Does every HttpRequest get its own thread? Should you use Thread Local storage with ASP.NET?
Aha, just partly answered this question above. Each HTTP request is served by an HttpApplication object, which is pooled. Threads are reused.
Thread Local storage(TLS) provides a mechanism to store data that is unique to a thread and whose value is determined at run time. This type of storage can be very helpful when dealing with an existing multithreaded application whose interfaces or original design are too inflexible for passing these values another way.
Using TLS in a thread pooling environment can be very tricky. One should not use TLS on ASP.NET application. You never know on what thread you might be called (inside an ISAPI DLL), so using TLS for anything other than tracking resources that are explicitly bound to a particular thread is a bad idea.

Is the [ThreadStatic] attribute useful in ASP.NET? Are there side effects? Good or bad?
The conext: how to share static fields on per thread scope in opposite to per AppDomain scope?
The question itself doesn't make sense. The value that needs to be shared should be tied to a specific request, not a specific thread. To do this you can use the System.Web.HttpContext.Current.Items collection.
[ThreadStatic] is the managed equivalent of TLS in ASP.NET. It should be used when you can control the threadpool and the lifecycle of a thread (but you can’t achieve this easily, can you?) ThreadStatic gives you thread local storage, not HttpContext local storage!
It needs to be very careful on using [ThreadStatic] . Static fields marked with ThreadStaticAttribute are not shared between threads. Each executing thread has a separate instance of the field, and independently sets and gets values for that field. If the field is accessed on a different thread, it will contain a different value. And this is deemed to happen due to thread agile in ASP.NET. ASP.NET not only uses a thread pool, but may switch threads during request processing. It makes thread local storage unreliable.
Pointers Storing things on Threads, A tale of two techniques: The [ThreadStatic] Attribute and System.Web.HttpContext.Current.Items, ThreadStatic FUD

03 June 2005

What Great .NET Developers Ought To Know (Part Three C# Component Developers)

Continue on Scott Hanselman's - What Great .NET Developers Ought To Know
Part Three C# Component Developers

Juxtapose the use of override with new. What is shadowing?
Using override keyword to a method in the derived class meaning the method provides a new implementation to the overridden method (same signature) in the base class. The base method must be virtual, abstract, or override.
By default a method is not modified by ‘virtual’. So if a method in derived class wants to override the base implementation, it needs to be modified by ‘new’ keyword.
This is called shadowing, not overriding. The method in the derived HIDES the one in the base class.

Explain the use of virtual, sealed, override, and abstract.
virtual keyword is used to modify a method or property declaration. It allows the downcasting from base class to derived class. From derived class’s point, the method overrides it specialised the implementation. To enforce the overriding, base method modify with abstract.
abstract keyword is used to modify a class, method or property declaration. You cannot instantiate an abstract class or make calls to an abstract method directly.
An abstract virtual method meaning that the method provides maybe a partial implementation, may be no implementation at all. And a derived class of it must implement it.
A sealed class cannot be derived. This modifier is most likely used on a static class. An abstract class cannot be sealed.
A sealed override method in a derived class prevent it being further overriden.

Explain the importance and use of each component of this string: Foo.Bar, Version=, Culture=neutral, PublicKeyToken=593777ae2d274679d
This string specifies shows a fully specified reference for a strongly named assembly.

Explain the differences between public, protected, private and internal.
Visibility differences on accessing a method, class:
private methods are only visible to a member in the same class;
protected methods are only visible to members in the derived class plus private scope;
internal methods/classes are visible to members in the same assembly;
public methods/class are visible to all.

What benefit do you get from using a Primary Interop Assembly (PIA)?
You get compatibility between applications that shares types defined in a PIA.
PIA contains the official, unique type identity description as defined by the publisher of those types. The PIA may contain certain customizations that make the types easier to use from managed code. The PIA is always signed by the publisher of the original COM type.
By what mechanism does NUnit know what methods to test?

What is the difference between: catch(Exception e){throw e;} and catch(Exception e){throw;}
catch(Exception e){throw e;} suppress the original exception stack and begin a new exception flow. Original stack trace information maybe lost
catch(Exception e){throw;} re-throw original exception.

What is the difference between typeof(foo) and myFoo.GetType()?
Operatior typeof(foo) is used to obtain the System.Type object for a type at compile time.
myFoo.GetType() is used to obtain the exact run time type of an object. This method uses reflection.

Explain what’s happening in the first constructor and how is this construct useful?

public class c{
public c(string a) : this() {;};
public c() {;}

When constructor public c(string a) is called to construct an object, it first calls the default constructor then the initialisation procedures in public c(string a).

What is this? Can this be used within a static method?
The this keyword refers to the current instance of the class. It cannot be use within a static method, because static method doesn’t live in an instance object type.

01 June 2005

(Communication Skills)The Secret of Inspiration

Wednesday June 1, 01:41 PM
The Secret of Inspiration
By Carmine Gallo

During an interview for my new book, I was speaking to Dilbert creator Scott Adams about the failure of most managers to inspire their employees. Adams is very funny and extremely insightful. In his opinion, most business professionals fail to articulate Advertisement

a compelling vision because they don't have anything to say.

Simple enough and probably true in many cases. But if you're like most entrepreneurs, you do have something to say -- and a vision that will inspire your employees, colleagues, and customers. You might just need a little help getting it across.

Here's the deal: Most employees are uninspired by their work and by the people for whom they work. How do I know? Well, it doesn't take a rocket scientist. Just look at the face of the person next to you on the train during rush-hour commute. Pay attention to the bank teller's demeanor. Note the lack of enthusiasm from the department store sales clerk.

COMMON TECHNIQUES. A recent Conference Board survey finds that only half of U.S. workers are happy with their jobs, and of those who are happy, only 14% are "very satisfied." When people are uninspired at work, it shows -- customer-service surveys have revealed a marked decline in satisfaction in recent years.

My goal in writing 10 Simple Secrets of the World's Greatest Communicators was to identify business leaders who truly inspire those in their personal and professional lives, and to share their techniques with my readers. After interviewing more than two dozen contemporary CEOs, executives, and experts, I found a common technique among all those considered among the most inspiring. Are you ready for it? The secret to inspiring your listeners is to paint a picture of a world made better by your service, product, company, or cause.

Think about it. Cisco (CSCO) CEO John Chambers doesn't sell routers and switches when he communicates to employees, colleagues, or customers -- he sells a vision of an Internet that changes the way we "live, work, play, and learn." Starbucks (SBUX) founder Howard Schultz doesn't sell coffee beans -- he sells the concept of a community, a "third place" between work and home. Suze Orman doesn't sell irrevocable trusts -- she sells the vision of a life free of burdensome debt.

In much the same way, California Governor Arnold Schwarzenegger won the hearts and minds of voters not by outlining specific policies but by selling his vision of a state that's a better place to raise a family and do business.

"MAKING A DIFFERENCE." Intuit (INTU) founder Scott Cook told me, "It's important to communicate a bold vision for many reasons, but primarily for internal reasons, for the people in your company. Your people want to know that their work is adding up to a great cause. They want more than a paycheck. They want to know that they are making a difference in the world."

Are you communicating a bold, captivating vision? Do the people who work for you feel as though their work is adding up to more than a paycheck? Once they do, the results could be extraordinary. Remember the famous story of how Steve Jobs convinced former Pepsi (PEP) President John Scully to take the helm at Apple (AAPL)? On a balcony overlooking New York's Central Park, Jobs turned to Scully and asked, "Do you want to sell sugared water all your life, or do you want to change the world?"

It worked. In much the same way, articulating a big mission will help you win over employees, customers, and colleagues -- especially in a small business, where you can have direct and frequent contact with them.

WALK THROUGH FIRE? Last year, one of those traveling motivational conferences came rolling through my town in Silicon Valley. Its roster was made up of athletes, authors, and celebrities. I couldn't help but feel sorry for those business professionals who may have been fired up to do their best work by the end of the conference only to be deflated by their uninspiring supervisors the next day at the office.

CNBC money guru Jim Cramer once commented that people would walk through fire for Cisco's Chambers. Would they do the same for you? If not, why? Is it possible that you're failing to communicate the big mission behind your service, product, or company? In his autobiography, My American Journey, former Secretary of State Colin Powell writes that a great leader, "[makes] individuals feel important and part of something larger than themselves."

Sound familiar? The simple secret to inspiring those around you is to communicate a vision, a roadmap, of where you're heading and why it's important to your listeners. This technique applies to your conversations with employees, colleagues, customers, or investors.

START WITH YOURSELF. I hope I've already got you thinking about the mission you wish to convey. In my last column, I invited readers to share their "30-second pitch" with me (see BW Online, 5/4/05, "Mastering the 30-Second Pitch"). Many of you responded. Well, this time I'm asking that you share your "big mission." Let me know how you've inspired those who work for you or how you plan to do so based on the above information. I would be happy to send you feedback.

But just one more thing before you head out to articulate your big mission. Suze Orman once told me that people can only inspire when they're inspired themselves. Good point. If you're not inspired by your own vision, then it might be time to reevaluate the road you're heading down. After all, if you're not out to change the world, plenty of others are.

What Great .NET Developers Ought To Know (Part Two Mid-Level .NET Developer)

Continue on Scott Hanselman's - What Great .NET Developers Ought To Know
Part Two Mid-Level .NET Developer

  • Describe the difference between Interface-oriented, Object-oriented and Aspect-oriented programming
    Object-oriented programming (OOP): a programming methodology built around data abstraction (i.e. type, class and object) and message communication between objects. The basic concepts of OOP are encapsulation, inheritance, and polymorphism.

    Interface-oriented programming (IOP) is an extension of OOP in which all program interdependencies are expressed via abstract interfaces. Abstract interfaces and implementations are strictly separated. As a result, inheritance in IOP is interface-oriented, supports both specialization and adaptation inheritance, and is decoupled from the implementation binding mechanism. (from Generative Programming, Interface-Oriented Programming and Source Transformation Systems)

    Aspect-oriented programming (AOP) Eclipse Foundation defines AOP as:
    ‘A type or style of programming that explicitly takes into account crosscutting concerns, just as object-oriented programming explicitly takes into account classes and objects.’

    The essence of AOP model is to identify concerns such as logging, exception handling, etc. that cross-cut several layers in a system, and modularise them into orthogonal units called aspects and inject these aspects at selected execution points in a system dynamically at runtime.
    Pointers: Aspect Orienting .NET Components

  • Describe what an Interface is and how it’s different from a Class
    An interface defines a contract without implementation. A class can implement one or more interface. A class can only inherit one parent class. A interface can inherit many parent interfaces. There is no ‘implementation’ concept in interface. See this code snippet.

    namespace ClassLibrary1{
    public interface IFace1{
    void Foo1();
    void Bar1();
    public interface IFace3{
    void Foo3();
    public interface IFace2 : IFace1, IFace3{
    void Foo2();
    public class Class1 : IFace2{
    public Class1(){}

    // IFace2 Members
    public void Foo2(){}

    // IFace3 Members
    public void Foo3(){}

    // IFace1 Members
    public void Foo1(){}
    public void Bar1(){}

  • What is Reflection?
    When building an assembly or a module, the .NET compiler creates metadata of the assembly at the same time. Metadata contains a type definition table, a field definition table, a module definition table etc. The process to query these metadata tables at runtime is called Reflection. The FCL’s System.Reflection namespace contains types a developer can use to write code to reflect metadata and obtain information about a type/class in the assembly, such like fields, methods, properties and events etc.

  • What is the difference between XML Web Services using ASMX and .NET Remoting using SOAP?
    Xml Web Services uses standard protocols such like HTTP, XML and SOAP in messaging. It addresses interoperability between disparate, heterogeneous applications.
    The .NET Remoting system enables messaging between remote object across AppDomain, process or machine boundaries using communication channels like TCP/IP or HTTP. It doesn’t address interoperability between heterogeneous applications, meaning client and service object must expose/understand the communication interface – object reference.
    Message sent over communication channel is called remote object. Remote object is encoded/decoded using native .NET serialization formatters, such like binary or XML encoding like SOAP. Binary encoding is more efficient. XML encoding is preferred choice when interoperability is required.

    Some brief Q&As about Remoting.

  • Are the type system represented by XmlSchema and the CLS isomorphic?
    Isomorphic: In mathematics, an isomorphism (in Greek isos = equal and morphe = shape) is a kind of interesting mapping between objects. (Reference) Two isomorphic sets (such as species) have a one-to-one correspondence between them. For each member of one set, there is a corresponding member of the other set. For example, there is a one-to-one correspondence between the set of lower case letters and the set of upper case letters, with a corresponding to A, etc. (Reference)
    .NET classes can be serialised into a XML Schema by using types in System.Xml.Serialization, such like XmlSerializer. (Some code example can be found here)
    CLS, Common Language Specification

  • Conceptually, what is the difference between early-binding and late-binding?
    Early-binding: static binding, validated by compiler. Late-binding: dynamic, type cast, validate by runtime.

    public class Point{
    public Point(){
    public int X = 0;
    public int Y = 0;
    public class Line : Point{
    public Line(){
    public class Widget{
    public Widget(){}
    public class Foo{
    Line line1 = null;
    Widget widget = null;
    Object object1 = null;

    public void Demo() {
    //... do something with line1

    //early binding, complier will complain
    Point p1 = (Point)line1;
    Console.Write("Location (X,Y) ({0}, {1})", p1.X, p1.Y);

    //compiler complians on the cast
    //Point p2 = (Point)widget;

    //late binding on a generic type
    Point p3 = (Point)object1;

    //following line only throws exception at runtime
    Console.Write("Location (X,Y) ({0}, {1})", p3.X, p3.Y);

  • Is using Assembly.Load a static reference or dynamic reference? What is an Asssembly Qualified Name? Is it a filename? How is it different? Is this valid? Assembly.Load("foo.dll"); When would using Assembly.LoadFrom or Assembly.LoadFile be appropriate?
  • Using Assembly.Load(...) is a Dynamic Reference to load a type. The parameter can be an assembly qualified name (AQN, Type: string) like: ‘TopNamespace.SubNameSpace.ContainingClass+NestedClass,TheAssemblyName’.
    Assembly.Load also accepts a simple assembly name, which must be an object of AssemblyName, for example:

    AssemblyName myAssemblyName = new AssemblyName();
    myAssemblyName.Name = "MyAssembly";
    myAssemblyName.Version = new Version("");

  • ‘foo.dll’ is not a FQN, so Assembly.Load("foo.dll"); is invalid.
  • An AQN contains an assembly’s identity information, such like:
    • A simple file name (unencrypted name);

    • A version number;

    • A cryptographic key pair;

    • And a supported culture.

    It allows versioning and singing as opposed to a simple filename.
  • Assembly.LoadForm: Loads an assembly given its file name or path. Assembly.LoadFile: Loads the contents of an assembly file on the specified path. Use the LoadFile method to load and examine assemblies that have the same identity, but are located in different paths. Do not use LoadFile to load assemblies that you want to execute.

    Assembly SampleAssembly = Assembly.LoadFrom("c:\\Sample.Assembly.dll");
    Assembly SampleAssembly2 = Assembly.LoadFrom("c:\\Sample.Assembly2.dll");

    LoadFile does not load files into the LoadFrom context, and does not resolve dependencies using the load path, as the LoadFrom method does. LoadFile is useful in this limited scenario because LoadFrom cannot be used to load assemblies that have the same identities but different paths; it will load only the first such assembly.

  • How is a strongly-named assembly different from one that isn’t strongly-named?
    Strongly-named assemblies are signed using a private\public key pair which helps with code verification.
    signed assemblies could be placed in thee GAC.

  • Can DateTimes be null?
    No. It is a Structure an object of it is place in the stack.

  • What is the JIT? What is NGEN? What are limitations and benefits of each?
    Reference Compiling MSIL to Native Code
    Just-In-Time compilation. (In .Net context) complier produces MSIL (the portable executable); at the first time the assembly is called, it is compiled into CPU specific native code by the .NET JIT compiler. The benefit: portable executable – ‘write once, run everywhere’; JIT compiles the code and stores result native code in memory at initial call and subsequent calls is accessing in-memory native code hence it is relatively efficient.

    NGEN Pre-compilation, or pre-JITing, is the creation of native code from MSIL on the client machine, but instead of being generated at run time it is done as a separate isolated step. NGen is the term used generically for pre-JIT technology in the common language runtime (CLR), and specifically for the command-line utility used to create and store the native code. The native code produced by NGen is stored in true Win32® PE files which are called "native images" or "NGen images" which are in turn stored in the "native image cache" or "NGen cache."
    When creating native images, NGen simply loads the JIT compiler and invokes it to create native code for the assembly, which is then persisted into the native image and stored in the native image cache.
    NGEN is recommended as the last step during installation process, hence the name (native) install-time code generation?
    Note: Consideration on using NGen:
    • NGen is important to getting faster startup through better page sharing and working set reduction

    • NGen is primarily interesting for client scenarios which need the faster startup to be responsive

    • NGen is not recommend for Asp.Net because the assemblies NGen produces cannot be shared between App Domains

    • NGen for V1.0 and V1.1 was primarily designed for the CLR, and while it can be used for shared libraries and client apps:
      Always measure to make sure it is a win for your application
      Make sure your application is well behaved in the face of brittleness and servicing

  • How does the generational garbage collector in the .NET CLR manage object lifetime? What is non-deterministic finalization?
    CLR GC (Garbage Collection/Garbage Collector depends of the context) makes following assumptions:
    The newer an object is, the shorter its lifetime will be.
    The older an object is, the longer its lifetime will be.
    Collecting a portion of the heap is faster than collecting the whole heap.

    Generation memory threshold
    There are three (0, 1, 2) generations defined by CLR. When CLR initializes, it selects a memory threshold for each generation, say 256 Kb for g0, 2 Mb for g1 and 10 Mb for g2. GC self-tunes these thresholds to give an optimal GC frequency-process time.

    Generation Promotion
    All objects are initially put into g0. When threshold reached, GC starts compact the garbage objects. Survival objects are promoted into g1. GC won’t compact g1 until its threshold is reached. Vice versa, objects survive g1 GC are promoted into g2. When GC compacts an older generation, it also compacts younger generation(s).

    A Finalizable type implements Finalize method. GC calls this Finalize method to release the memory taken by the object. At least 2 GC processes are required to clear up finalizable objects. However, GC works on a separate thread and only starts when a generation threshold is full, there is no guarantee when Finalize will be called. This is the Non deterministic finalization.

    Finalizable types should always implement Dispose Pattern to allow GC deterministically disposes it.

  • What is the difference between Finalize() and Dispose()?
    Finalize is non public and only called by GC. Dispose is public and called by the user of the class. Call to Dispose to cleanup an resource triggers the Finalize being called by GC later (if Finalize is implemented).

  • How is the using() pattern useful? What is IDisposable? How does it support deterministic finalization?
    We use using(…){} on Disposable resource such like FileStream. This pattern gives a visual block of the scope that a resource will be available to use and enforce the Dispose by the close brace.

    IDisposable, an Interface defines Dispose() method. It should be implemented by all objects, resources that need Finalization in a deterministic way. Richter suggests a very useful Dispose Pattern in his book.

    using System;
    /// implemeting the IDisposable interface for Dispose Pattern
    public sealed class OSHandle : IDisposable{

    /// holds the Win32 handle of the unmanaged resource
    private IntPtr _handle;

    public OSHandle(IntPtr handle){
    this._handle = handle;

    /// when garbage collected, this Finalize method is called to close the
    /// unmanaged resource's handle


    /// this public method can be called to deterministically close the unmanaged resource's handle

    public void Dispose(){
    //because the object is explicitly cleaned up, stop the garbage collector from calling the
    //finalize method when this is running

    /// this public method can be called to deterministically close the unmanaged resource's handle

    public void Close(){

    /// this method is called by Finalize, Dispose and Close to do the actual cleanup
    /// OSHandle is made 'sealed' and this method is 'private'to protect it from be called -
    /// the derived class need to implement their own cleanup then call this one.
    /// If OSHandle cannot be 'sealed' this method need to be virtual protected


  • private void Dispose(bool disposing){
    //Synchronize threads calling Dispose/Close simutaneously
    if (disposing){
    //the object is being explicitly disposed of/closed, not finalized. It is therefore
    //safe for code here to access fields that reference other objects because the Finalize
    //method of these ther objects hasn't yet been called

    //For our sample OSHandle class, we have nothing to do here

    // The object is being disposed of/closed or finalized
    if (IsValid){
    // close the unmanaged resource

    // set the handle to some sentinel value. This prcaution prevents the possiblity of
    // calling CloseHandle twice
    this._handle = InvalidHandle;

    //Make this property return an invalid value for whatever unmanaged resource you are using
    public IntPtr InvalidHandle {get {return IntPtr.Zero; }}

    //Public method to return the wrapped handle
    public IntPtr ToHandle () {return this._handle ; }

    //public implicit cast operator returns the wrapped handle
    public static implicit operator IntPtr(OSHandle osHandle){
    return osHandle.ToHandle();

    public bool IsValid {get {return (this._handle != InvalidHandle);}}
    public bool IsInvalid {get {return !IsValid;}}

    //private method called to free the unmanaged resource
    private extern static bool CloseHandle(IntPtr handle);

    Pointer: Chapter 19 of Jeffery Richter’s Book Applied Microsoft .NET Framework Programming

  • What does this useful command line do? tasklist /m "mscor*"
    TASKLIST [/S system [/U username [/P [password]]]] [/M [module] | /SVC | /V] [/FI filter] [/FO format] [/NH]

    Description: This tool displays a list of currently running processes on either a local or remote machine.

  • What is the difference between in-proc and out-of-proc? What technology enables out-of-proc communication in .NET?
    Procedure call in out-of-proc requires object sterilization/marshalling. .Net Remoting enables out-of-proc communication in .NET.

  • When you’re running a component within ASP.NET, what process is it running within on Windows XP? Windows 2000? Windows 2003?
    In Windows XP and Windows 2000 (IIS5), ASP.NET is running in ASPnet_wp.exe worker process. In Windows 2003 (IIS6), ASP.NET is running in W3WP.exe worker process.
    P.S. Worker Process is the Application(s) pool that web application is assigned to.