Archive for June, 2008

I’m with the Thirsty Developer

While in Chicago to speak at PHP | Tek, I got to do a Podcast (in a bar) with one of The Thirsty Developers

I hope you will [ CLICK HERE ] and listen !

The Everlasting Question – Should I choose VB.NET or C#

 I got an email last night from Eduardo.

Eduardo “loves VB.NET”, but is concerned about his long term career prospects because he keeps hearing about C#.

The Pie Chart from the Telerik Survey suggests that C# has surpassed VB.NET as the .NET language of choice. For the record, I don’t think this accurately reflects the division. I would guess that it’s more like 55% VB.NET and 45% C#.

People ask me all the time why I choose VB.NET instead of C# for my videos. The truthful answer is, I don’t. I use VB because ScottGu asked me to use VB.NET.

At first, I was a bit queased out 🙂 – I first started programming in “C” in 1978 and C++ in about 1988-1989. So languages of “C” flavor like Java and C# are just familiar to me.

It took me about a week before I stopped thinking about the syntax I was coding in.

I just don’t think the choice between C# and VB.NET really matters.

The one statistic that does matter is that companies seem to be paying C# developers more than they want to pay VB.NET developers. I suspect that this statistic, like most, is irrelevant if taken at face value alone.

It’s possible, even probable that the C# programmers they hire have more of a systems programming background in C++ or an enterprise development background in Java so that C# is the syntax flavor of choice, but that flavor choice is a byproduct of their skill set and it is that skill set that earns them more money.

If a company pays C# developers more than VB.NET developers for no other reason than syntax choice, I’d probably choose to work for another company as I prefer to work for really smart folks 🙂

I’d be surprised if anyone could suggest a business application to me that REQUIRED it be written in one language over another (at least for non-business reasons.)

To me, the choice between VB.NET and C# seems a much less significant one than the industry seems to want to make it. It’s a stylistic choice. A philosophical choice. Even an artistic choice. But not really a NECESSARY choice.

Sure, TO ME, C# code “looks better”. And FOR ME, coding in VB.NET is a bit faster. Since I’m happy to switch back and forth, I lean toward building class heavy back ends in C# and front side stuff in VB.NET (though not always).

The power is in the .NET framework and in the productivity of Visual Studio. Does that make VB.NET and C# just the duck tape that ties them together ? 🙂

Below are some links to articles that discuss the VB.NET versus C# issue.

In the meantime, Eduardo, write great applications in whichever language best suits you and let those applications be the strength in your resume. Not the syntax flavor they are written in.

Murray “Flash” Gordon has a great VB and C# Comparison on his blog [ Click HERE ]

Wikipedia also has some good information. [ Click HERE ]

Nigel Shaw has a good article at The Code Project with some sound conclusions. [ Click HERE ]

Jeff Atwood at Coding Horror also has a good post. [ Click HERE ]

The Pie Chart above is from the Telerik Survey [ Click HERE ]

Microsoft Surface Video

Most people haven’t had a chance to play with Microsoft Surface.

It’s one of the coolest technologies in a long time !

[ Click HERE to watch the video. ]

My Secure Development Interview from TechEd 2008

While at TechEd 2008 I got to spend some time in the “Fish Bowl” with Georgeo Pulikkathara.

Georgeo interviewed me on Microsoft’s Secure Development Lifecycle (SDL) and my upcoming Developer Security Activities.

Please [ click HERE ] to check out Georgeo’s blog post and [ Click HERE ] to have a listen to the show.

ComponentArt releases Charting 2008.1

ComponentArt releases Charting 2008.1, introducing advanced AJAX interactivity, dual 3D rendering engines, and a wealth of core charting features.

Great for AJAX style data visualization!

Visit the Charting Gallery for live demos.

Tools to block & eradicate SQL injection

Microsoft has released an advisory for the recent SQL Injection attacks which points to several tools that will help identify and block these types of attacks. The goal of this blog post is to help our audience identify the best tool depending on their role (i.e. Web Developers vs IT administrators). Currently, there are three tools available which serve different purposes and complement each other.

Web developers Recommendations

The Microsoft ® Source Code Analyzer for SQL Injection is a static code analysis tool that identifies SQL Injection vulnerabilities in ASP code (ASP pages are the ones that have been under attack). In order to run this tool you will need source code access, and the tool will output areas vulnerable to SQL injection (i.e. the root cause and vulnerable path are identified). In our view fixing the root cause of the bug is the best way to eradicate vulnerabilities. The tool scans ASP source code and generates warnings for first order and second order SQL Injection vulnerabilities.

IT/Database administrators Recommendations (Web developers can benefit from this as well)

We are recommending two tools: one can help identify SQL injection vulnerabilities by crawling the website (for example, when access to the source code is not possible) and the other aims to block potential SQL injection attacks.

HP Scrawlr, developed by the HP Web Security Research Group, will crawl a website, simultaneously analyzing the parameters of each individual web page for SQL Injection vulnerabilities (Microsoft has worked with HP in this effort). Scrawlr uses some of the same technology found in WebInspect but has been built to focus only on SQL Injection vulnerabilities. This will allow an IT/DB admin to easily find vulnerabilities similar to the ones that have been used to compromise sites in the recent attacks. No source code is required to run this tool. From a starting URL, the tool recursively crawls that URL in order to build up a site tree that will be then analyzed for SQL injection vulnerabilities. For more information check out 

Second, in order to block and mitigate SQL injection attacks (while the root cause is being fixed), one can deploy filters using URLScan 3.0. This tool restricts the types of HTTP requests that Internet Information Services (IIS) will process. By blocking specific HTTP requests, UrlScan helps prevent potentially harmful requests from being executed on the server. Basically, it uses a set of keywords to block certain requests (i.e. the request will get dropped and never be processed by SQL). That said, we highly encourage fixing the root cause of the problem instead of attempting to produce a perfect filter that will block all types of attacks (since in our view this is not possible and is error prone).
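The difference between first-order and second-order injection, and why fixing the root cause holds up better than keyword filtering, shown as an added example (not code from this post or from any of the tools it names). It uses Python's `sqlite3` in place of ASP and SQL Server; the tables, the sample input and the `DENY` list are constructed for illustration and are not URLScan's actual rules.

```python
import sqlite3

PROBE = "x' OR '1'='1"          # constructed sample input
DENY = ("select", "--", "'")    # hypothetical keyword deny-list, not URLScan's real rules

def make_db():
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE users(name TEXT);
        CREATE TABLE orders(owner TEXT, item TEXT);
        INSERT INTO users VALUES ('alice'), ('bob');
        INSERT INTO orders VALUES ('alice', 'laptop'), ('bob', 'mouse');
    """)
    return db

def find_user_vulnerable(db, name):
    # First order: request input is concatenated straight into the statement.
    return db.execute("SELECT name FROM users WHERE name = '" + name + "'").fetchall()

def find_user_fixed(db, name):
    # Root-cause fix: the value travels as a bound parameter, never as SQL text.
    return db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchall()

def register(db, name):
    # Stored with a parameter, so the insert itself is safe.
    db.execute("INSERT INTO users VALUES (?)", (name,))

def orders_vulnerable(db, name):
    # Second order: the stored value is trusted on the way out and concatenated.
    stored = db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()[0]
    return db.execute("SELECT item FROM orders WHERE owner = '" + stored + "'").fetchall()

def orders_fixed(db, name):
    # Same lookup, but the stored value is bound as a parameter as well.
    stored = db.execute("SELECT name FROM users WHERE name = ?", (name,)).fetchone()[0]
    return db.execute("SELECT item FROM orders WHERE owner = ?", (stored,)).fetchall()

def filter_blocks(value):
    # Keyword filtering: rejects any request value containing a deny-listed string.
    return any(word in value.lower() for word in DENY)

if __name__ == "__main__":
    db = make_db()
    print(find_user_vulnerable(db, PROBE), find_user_fixed(db, PROBE))
    register(db, PROBE)
    print(orders_vulnerable(db, PROBE), orders_fixed(db, PROBE))
    print(filter_blocks("O'Brien"), filter_blocks("Select Committee report"))
```

The last line shows the filter rejecting two harmless values, which is the error-prone side of keyword blocking; the parameterized functions accept the same values and treat them as plain data.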

Coffee Drinkers Have Slightly Lower Death Rates

Since most of us Geeks are caffeine addicts……

“Coffee consumption has been linked to various beneficial and detrimental health effects, but data on its relation with death were lacking,” says Esther Lopez-Garcia, PhD, the study’s lead author. “Coffee consumption was not associated with a higher risk of mortality in middle-aged men and women. The possibility of a modest benefit of coffee consumption on heart disease, cancer, and other causes of death needs to be further investigated.”

[ Read the article HERE at Science Daily. ]

DevExpress cleans up with ASPnet Pro Magazine Readers Choice Awards.

This year’s Reader’s Choice Awards conducted by ASPnet Pro Magazine showed some great appreciation for DevExpress’ recent work.

Their awards included…..

Product of the Year – DXperience ASP.NET

Best Component Set – DXperience ASP.NET

Best Grid – ASPxGridView Suite

Best Add-In – CodeRush with Refactor! Pro

Best Printing/Reporting Tool – XtraReports Suite

Best Charting – XtraCharts Suite

Best Navigation Suite – ASPxperience Suite / ASPxNavBar

Best Online Editor – ASPxHTML Editor

Best Scheduling/Calendar Tool – ASPxScheduler Suite

Check them out at:

5 Big Security Threats

Baseline Magazine [ Click HERE ] has outlined the 5 Big Security Threats that Anti-virus software and firewalls MISS.

1 Trusted Users and Partners

2 Web Application Vulnerabilities

Gartner estimates that 75 percent of today’s attacks are carried out through the application layer.

Many of these application attacks are conducted through quickly coded Web applications, with little or no security baked in.

Yet these Web apps are often connected to some of the most sensitive databases businesses own.

3 Missing Devices

4 Custom Malware

5 Social Engineering

[ CLICK HERE to read the whole article. ]

Build a game, try to win some of $75,000 in prizes.

Today the XNA Team has launched Dream-Build-Play 2008.

In Dream-Build-Play 2008 you can build your dream game to compete with other game developers around the world.  This year’s contest will feature Xbox360 development only and to ensure that everyone has access we will be giving away one free 12-Month XNA Creators Club Trial membership to everyone that registers.  Contestants will compete for $75,000 in prizes and the bragging rights to say their game was the best.  Additionally, one of the top ten finalists will win an opportunity for an Xbox LIVE publishing contract.  For more information log on to

  The XNA team has launched Dream-Build-Play 2008. 

· $75,000 in prizes and the chance to receive an Xbox Live Arcade Contract.

· Create and deploy Xbox360 games using XNA Game Studio 2.0

· Everyone who registers will receive a FREE 12-Month Trial Creator Club Membership