Tuesday, December 21, 2010

Continuous project statistics with StatSVN and TeamCity

Yesterday I wrote about Continuous code quality measurement with NDepend and TeamCity where I looked at nightly builds that assessed code quality using the very excellent NDepend. These reports are great and it’s easy to configure but you need to make both a dollar investment in the software and an education investment to really understand the metrics and how they relate to code quality.

What’s nice about StatSVN is that it’s free and it doesn’t take a lot of thinking to use it. Rather than analysing your codebase, like NDepend, StatSVN analyses your Subversion repository and reports on how your app has changed over time. In a way, it’s kind of chewing gum for the brain (lots of interesting metrics without a whole lot of substance), but there’s a bit of value in understanding more about how your project is structured. And hey, it’s free!

Monday, December 20, 2010

Continuous code quality measurement with NDepend and TeamCity

I love a good set of automatically generated code metrics. There’s something about just pointing a tool at the code base and saying “Over there – go and do your thing” which really appeals to the part of me that wants to quantify and measure.

I think part of it is the objectiveness of automated code analysis. Manual code reviews are great, but other than the manual labour issue, there’s always that degree of subjectiveness the human brings with them. Of course code reviews are still important, but generated findings and metrics are always a nice complement and because they can be done automatically, you can do them as frequently as you like.

One thing I’ve found about code reviews in the past – either manual or auto-generated – is that if you do them at the end of a project, it’s too late! You always end up between a rock and a hard place where on the one hand, you feel you’ve got a steaming heap of garbage, but on the other hand you’ve got deadlines and anxious customers.

What you really want to do is to bring your code quality metrics bang into the development process so they’re visible to everyone every single day. You kick them off on day one when there’s an empty project and you don’t stop until the whole thing is delivered. This is where the build server comes into play.

OWASP Top 10 for .NET developers part 6: Security Misconfiguration

If your app uses a web server, a framework, an app platform, a database, a network or contains any code, you’re at risk of security misconfiguration. So that would be all of us then.

The truth is, software is complex business. It’s not so much that the practice of writing code is tricky (in fact I’d argue it’s never been easier), but that software applications have so many potential points of vulnerability. Much of this is abstracted away from the software developer either by virtue of it being the domain of other technology groups such as server admins or because it’s natively handled in frameworks, but there’s still a lot of configuration placed squarely in the hands of the developer.

This is where security configuration (or misconfiguration, as it may be), comes into play. How configurable settings within the app are handled – not code, just configurations – can have a fundamental impact on the security of the app. Fortunately, it’s not hard to lock things down pretty tightly, you just need to know where to look.

Monday, December 13, 2010

My SQL Source control article on Simple-Talk

I’ve previously written about Rocking your SQL Source Control world with Red Gate and was bullishly optimistic about the potential for finally providing the means for simple, effective version control of database objects. It turns out the post struck a chord with the folks at Red Gate and they asked me if I’d like to contribute to an article in Simple-Talk, a fantastic bi-monthly newsletter with about 150,000 subscribers. It’s now online here:

Foolproof Atomic Versioning of Applications

I’m a long time subscriber to Simple-Talk and it’s one of the few tech newsletters I actually still get delivered by email; everything else has been demoted to RSS or increasingly, only read when it rises to the surface via Twitter. I’ve kept the subscription because the articles are consistently high-quality and informative, hopefully attributes I haven’t tarnished!

Anyway, the article is now up and hopefully it provides some useful info to those still looking to finally get some parity between application and database in the world of software version control. I’ve come from the angle of SQL Source Control finally allowing apps to be “atomically” versioned in that all the components of the software are harmoniously captured within a single source control system and are accessible via discrete revisions. Enjoy!

Thursday, December 9, 2010

I GOT A LOT OF GRIEVANCES! A Festivus of meeting etiquette

I GOT A LOT OF PROBLEMS WITH YOU PEOPLE! Now, you’re gonna hear about ‘em.

Let’s begin the tradition of Festivus with the airing of grievances, in particular, corporate meeting etiquette gone bad. Love ‘em or hate ‘em, meetings are a part of everyday life for many of us. However, some people just seem hell-bent on making them miserable for everyone.

To be fair, I suspect the full impact of seemingly innocuous behaviour isn’t always evident to the perpetrators. Let’s face it, we all like different degrees of formality and structure in our lives and we all react differently when it goes out the window.

The thing is though, it’s really not hard to avoid making life difficult on others, there’s only a few things you need to get right and they’re all pretty simple. LET THE GRIEVANCES BEGIN!

Wednesday, December 1, 2010

Defeating Red Gate’s SQL Source Control insensitivity

I’m a big fan of Red Gate’s SQL Source Control, I really am. I raved about it earlier in the year and I still think it’s the best solution going for getting your databases under source control with Subversion.

However, I’ve hit a glitch which unless I’m wrong, appears to be a bit of a design flaw; versioning changes in case. Let’s say I have a table, creatively named “MyTable”, and an equally creatively named column called “MyColumID”. It looks just like this:

Original table and column name

It’s all happily versioned under source control as indicated by the friendly green database:

Versioned database and table

Now let’s say I decide it’s more appropriate for the “ID” suffix to be “Id”:

Column changed to a different case

Naturally, I want to version this change so I switch back over to the SQL Source Control window and go to commit changes:

No changes to commit in SQL Source Control

Whoa! Where’s my change? And that, folks, is the problem.
