DEV203 ASP .NET DataGrid Drill Down

Since Commnet and Wireless are down this is for those of you who attended DEV203 today, here is the code and slides download, examples in both VB and C#.

To Query String or Not to Query String

That is the question before Adam Cogan and I at breakfast this morning. He loves them. I hate them. He likes to make an HTMLa report and then use query strings to save the parameters and then email the URL to other people so that they can see the same thing. I’d rather save a view (parameters, etc) and let someone click on that. Or use postbacks. I don’t like Query Strings for a two main reasons reasons:

1. The user can change the query string and possibly see data they are not allowed to see, or you have to write code to prevent that.
2. Query Strings leave you wide open to SQL Injection Attacks and Denial of Service attacks (especially when you use sloppy code by concatenation of a SQL statement-something that you should NEVER do.) So you will have to write some RegEx expressions to validate the query strings.

Adam says that since you can code the responses to #1 and #2 query strings are useful and worth it. I tend to disagree and only use Query Strings when absolutely necessary. Who is right? We both are. It all depends on how much time and energy you are willing to spend, Adam wants particular functionality and is willing to pay (write validation code) for it, I am willing to pay (write functionality code) in different ways.

Today Scott Case, fellow RD Tim Huckaby, and I went to Kuala Gandah Elephant Conservation Centre in central Malaysia. This facility, run by the Malaysian Government, takes elephants that are endangered and relocates them to the protected natural rainforest where they roam just about free. The centre also looks after orphan elephants. We got to spend the day with some of the relocated elephants that have not entered the general population yet. I am talking up close in nature with some serious elephants-at times it was quite intimidating like when we had to run out of their way! That said this was one of the most amazing things that I have ever done in my life.

First we got to hang out with an orphan baby female elephant. She was very tame and really enjoyed having us pet her and play with her. She especially liked when we would put our hands in her mouth. At 20 months old she was already over 1,000 pounds!

Then we went into the preserve and hung out with five adults and a child elephant. This was a totally wild experience. After that we got the chance to bathe and hand feed the elephants. After washing and feeding them, they treated us to rides, on land in the river. While in the river the elephants liked to throw us overboard, we were told it was a sign of affection by our guide Razali-who was a very cool dude.

When we were all done, we visited another preserve and saw a nearly extinct bear (who loved me) and some deer and other cool animals. This was quite a unique experience.

What a great day to spend my off day at TechEd. Well it is back to work tomorrow, five sessions in 3 days!!

Where in the world is Clemens Vasters?

Clearly not in KL like he is suppose to be. I think Pat told me they are in Bangkok and that they do not get into KL until Tuesday.

Anyway get your asses here, we need to get drunk. Sicne June Clemens and I have gotten drunk together in North America, Africa and Europe. We need to add Asia to that list. Plus we have to get Scott Hanselman to party some too.

A Malaysian Brick-With an Australian

Adam Cogan who thinks that blogs are stupid and thinks that personal posts are even stupider did a brick with me today-we ran 5km and swam. (Well the swim was not as intense, but we went through the motions since we weight trained too after the run.)

While Adam can kick my ass in tennis as I learned the hard way back in 1998, he has no advantage over me while running. J

Meanwhile back in the good old USA, teammates Tom Halligan and Andy Catlin banged out 71.6 miles in the park Saturday as I learned when Tom called me to wake me up to tell me.

TechED Malaysia

Just arrived in Kuala Lumpur for TechED Malaysia. High speed internet in the hotel room, lots of RDs here and tons of technical sessions this week, what else could a geek want? Well maybe a shorter plane flight! :)

Off to dinner with Adam Cogan and then we have a day of fun tomorrow.

High speed internet just rocks, I am IMing with my lead developer and using remote desktop to push his changes up to stage, all in Asia and the dev and server are in New York.What did we do before IM, broadband, and Remote Desktop? Suffer I guess. :)

SARS?

Back when VSLive was in town and I was walking around with some speakers from around the world, they were suprised at the police and national guard presence in New York. I said that while the world has gotten back to normal after 9/11, New York has not.

Well getting off the plane in Hong Kong a while ago reminded me that SARS is still a problem. Had to take a body temp test and fill out medial forms, and I am just a transfer passanger.

Off to TechEd (and other Adventures)

I am off at 11pm tonight to TechED in Kuala Lumpur , Malaysia. I get into KL at 2pm on Saturday due to the international date line. Nothing like a 20+ hour flight to catch up on some sleep, watch some movies, and do some work. I am now doing 5 sessions in KL, was drafted to do a chalk talk:

CHK9 Chalk Talk: Developing Mobile Applications wit NET Compaq Framework & SQL Server CE 2.0

DATE/TIME: 8/28/2003 14:45

My other 4 sessions are:

DEV203 ASP .NET DataGrid Drill Down

DATE/TIME: 8/26/2003 12:00

EDM207 .NET CF Database Development with SQL Server CE 2.0 ROI

DATE/TIME: 8/27/2003 16:00

DEV206 Efficient and Secure Data Retrieval in Your Middle Tier Using Stored Procedures and ADO. NET.

DATE/TIME: 8/27/2003 17:30

DEV315 Using Regular Expressions in Windows Forms and ASP .NET

DATE/TIME: 8/28/2003 10:30

Looking forward to seeing my fellow RDs:

Adam Cogan (Australia)

Tim Huckaby (US-San Diego)

Clemens Vasters (Germany)

Scott Hanselman (US-Portland)

802.11b WEP Encryption Sucks

Today is moving day. Right now the movers are doing their thing and I am sitting in my new apartment and my roommate Linda has WiFi with a LinkSys router. A bunch of us were here partying last night after rock climbing and when Shay and Linda were busy with Friendster.com I was worrying about getting my laptop to work here today (not to do work, but to blog of course). Last night Jack and Justin told me that they enabled WAP security on the router since “WEP security is better than no security.” I was concerned since Jack did not remember the WEP KEY or the admin password (Jack set up the WiFi for Linda). I said I will just hack the router.  Teammate Tom Halligan did not toss me under the bus for the first time in history and said “Forte can hack that in like 30 seconds."

Well more like 68 seconds. Will someone call the IEEE or whoever and let them know that WEP Encryption just sucks. I am not telling you what I did, but I did not want to reset the router and update the firmware since I don’t want anything to go wrong when I leave for Asia for 5 weeks tomorrow.

Brotherly Love

Today I move from W57th Street to E51st Street. Moving is not cool.

Then later on, I get on a train to speak at the Philly.NET Users Group. Can't wait, user groups are so much fun.

I'll be doing a quick session about RegEx then the main session on Web Data Binding (samples are not all here, but this is a link to the DataGrid Tech*Ed Session). I leave for Tech*ED in KL tomorrow and do both of these sessions, so it should be lots of fun. See you all there.

Arrest this Man: NYS License Plate # ROBB (T & LC)

A copy of my email to the New York City Taxi & Limousine Commissioner:

Today something unthinkable happened during our training bike ride in Central Park. On the last leg of the 40km ride a crazy livery cab started harassing us. (This is not that uncommon.) The harassment turned ugly when the car drove across two lanes of traffic and intentionally drove straight into teammate Tom Halligan (and clipping my right elbow at the same time). Tom was not thrown off the bike, but immediately a chase was on (lead by teammate Andy Catlin) and the car was swerving in and out of traffic to escape the park. Several bikers and other cars came to our aid.

We chased the car outside of the park and he was stopped at a red light. I yelled for him to “get out of the fucking car now” as another biker who came to our aid rode to the left of the car and I was on the right, all on Central Park West and about 95^th street. Then the car turned over the double yellow line and hit the second biker and drove down to Columbus avenue! That is the second intentional hitting of a pedestrian and leaving the scene of the accident. A few more bikers were behind me chancing the car down Columbus, and even pumping the fastest I have ever went (about 40mph on flat) we lost him around 72^nd street as the car drove on the wrong side of the road and went up a one way street to escape down the West Side Highway. Even down at 72^nd cars were pulling over offering his license plate and any other assistance possible.

Please arrest this man and never let him drive again in the State of New York.

They call this FUD

Stephen Forte’s Testimony to the New York City Council, April 29, 2003

Thank you all today for taking time to hear my testimony. My name is Stephen Forte, I was born and raised in New York City and am 31 years old. At the age of 23 I founded a high-tech consulting firm called The Aurora Development Group, which was sold 5 years later. I also served as the Chief Technology Officer of Zagat Survey here in New York from late 1999 until January 2002. Last April I co-founded Corzen, based up at Union Square where I currently serve as Chief Technology Officer.

I have had to do the economic and technical analysis of whether to use Open Source in my operations twice, once at Zagat where we had a 5 million dollar technology budget but not enough time and money to meet our deadlines for an IPO and second when I founded Corzen last year with only $300,000 of initial investment. Time to market and saving money was very important at Corzen epically since I did not get a paycheck until December 2002.

As a small business owner and resident of the City of New York for over 31 years, I appreciate the magnitude of the current budget shortfall. It may be tempting to make a blanket policy stating that the City must only use Open Source software to save money. On the surface Microsoft Windows, for a typical server machine configuration costs approximately $6,000. Linux costs nothing. Surely Linux is cheaper. Isn't it?

On the surface it appears that way. But once you dive into the details you will see that Open Source is not free and that while it may have a place in your organization as well as mine when the technology deems fit, there should be no blanket “Open Source” only policy. This is a policy I would strongly urge the council not to spend any taxpayer time considering. Here is why.

A benchmark recently performed by the non-profit TMC (www.tmc.org) compared a Linux machine running IBM’s middle tier software WebLogic/ WebSphere compared to a Windows Server machine running Microsoft middle tier software .NET. At this moment in time there is no viable open source “middle tier” component to compete with the IBM or Microsoft offerings. Just a technical note, the middle tier is what makes your custom applications work: the web server, the application server, the runtime environments and the programming languages.

The TMC broke down the cost of the server machine into three components: the hardware, the operating system (Windows or Linux), and the infrastructure (.NET, WebLogic, or WebSphere). Since the hardware was the same in all benchmarks, the differentiating costs were due to the operating system and the infrastructure.

It turns out that the cost of the operating system is relatively insignificant in the overall server costs. Of the total WebLogic server cost of $76,990, only $5,990  was attributable to Windows. Of the total WebSphere server cost of $84,990, again, only $5,990 was for Windows. In neither case was the cost of Windows more than 8% of the total server cost.

However the use of Linux does have one dramatic cost consequence. It eliminates the possibility of using .NET as the application server infrastructure. Since Linux does not have a comparable infrastructure, the use of Linux thus dictates the use of either WebSphere or WebLogic. While you are paying for Windows Server, the middle tier is built right into it so the costs of the middle tier are quite low when factored in as part of the cost of the Operating System.

While the cost of the operating system is relatively insignificant in the overall server cost equation, the cost of the infrastructure is not at all insignificant. WebLogic costs $40,000. WebSphere costs $48,000. This is as much as the server hardware! .NET, in contrast, cost nothing. It is part of the Windows operating system. The bottom line is that in order to save $5,990 of operating system costs, one must lock oneself into a "free" operating system that will require an additional $40-48,000 for server infrastructure!

TMC did not include the cost of the database in their benchmark cost analysis. This was a rather odd decision, given that the database is just as critical to this benchmark as is the operating system or the infrastructure. Had TMC included the cost of the database, the cost analysis would have further favored .NET, given that Microsoft SQLServer is much less expensive than either Oracle or DB2.

I am not advocating the use of Microsoft .NET over IBM or Windows over Linux, what I am saying is that the cost of open source software is not free, and for enterprise wide applications not even less expensive then a comparable non-open source platform.

When I was the CTO of Zagat Survey I had to do similar analysis. Preparing for an IPO, we were not scalable in our web site costs. Meaning that as the total amount of users went up, the cost per user was not going down. I was being pressured by the Board of Directors, one of which was the founder of Sun Microsystems to use the Linix/Java/J2EE approach on our Web Site. When I came in as CTO I inherited a site running on the open source platform using the Java platform. The site had cost us $650,000. The problem with the site was that for what we paid for we got only the “bare bones”, the vendor told us to increase traffic a factor of 10X, we would have to spend an additional 5 million dollars. My own analysis supported this view as did the Venture Capitalists who invested 34 million dollars in the company. In addition the total cost per user would go UP, not down!

I concluded after months of research that I can increase traffic by 20x and decrease the total cost per user by 1000% by not using open source technology. In a meeting on June 13^th, 2000 with the board of directors I justified my approach based on my open source analysis:

“Everybody knows that we must have scalability if we are to build a web site that we can go public with. Surprisingly, very few people have any idea what scalability actually means. I consider a system to be "scalable" if we can add more workload to the system without increasing the cost of the system per unit of workload. The common unit of workload for a web site system is a transaction. If the commerce system is an on-line store, then the transaction equates to an actual sale. If the commerce system is a bank, then the transaction equates to a banking transaction. In the case of Zagat.com a transaction is a pure database read, which is almost each and every page.”

I went on to conclude that the June 2000 version of our web site which cost $650,000 broke down after 300 concurrent users (nobody denied this, this was the reason why I was before the BOD.) I proposed a “Microsoft” solution for 1.2 million dollars, not the 5 million. William Ford of General Atlantic Partners said to me, never have I offered a CTO 5 million dollars and he came back ask said he only wanted 1.2.

I got permission to build the site and as development took place from July to December 2000, Zagat’s needs grew, so we had to add capacity. We spent only $300,000 over our budget of 1.2 million (compared to 5 million) and achieved 20x user base and 1000% decrease in cost per customer. In December 2000 the site launched and has not been “down” since. That is 2.5 years of uptime for a real cheap price tag.

Exhibit 1. Total Cost Per User at Zagat.com

Total Cost Per Customer
	June 2000 (Java)	Proposed	December 2000	Future Plans
Hardware	$80,000.00	$210,000.00	$300,000.00	$420,000.00
Hosting	$90,000.00	$168,000.00	$264,000.00	$528,000.00
Human Resources	$480,000.00	$700,000.00	$800,000.00	$900,000.00
Software	$0.00	$150,000.00	$200,000.00	$250,000.00
Total System Cost (Annual)	$650,000.00	$1,228,000.00	$1,564,000.00	$2,098,000.00
Max Simultaneous Customers	300	6,000	10,000	20,000
Total Cost Per Customer	$2,167	$205	$156	$105

The Open Source community is dynamic and exciting. There are pieces of my architecture both at Zagat and at Corzen where I use Open Source products (SendMail for instance). I would like to conclude with a warning. Unix was plagued by different “flavors” and “distributions” that dramatically increased TCO. This fragmentation is now occurring in the Linux space. Take a look at this quote:

"’Enterprises now realize that they are writing to a distribution, not to Linux in general. What works on Red Hat Advanced Server will not work on SuSE Linux,’ Schwartz [Sun's executive vice president of software] said. ... There is little doubt that the notion of ‘Linux and free have gone away. Red Hat's pricing model now makes that clear,’ he said.”

-          Sun Drops Its Linux Distribution, in eWeek, March 28, 2003By Peter Galli http://www.eweek.com/article2/0,3959,981455,00.asp

I would like to thank the council for taking the time to hear my testimony today.