PEX = Program EXploration (a Microsoft Research project). I'm not really sure what this is, but a fellow RD, Barry Gervin, pointed it out to some of us MVPs recently after he visited a Microsoft Research "science fair".

Apparently, PEX automatically generates unit tests, allowing developers to find bugs early. In addition, it suggests to the programmer how to fix the bugs. Sounds too good to be true, but since it will enable "a new development experience" in Visual Studio Team System, I should probably keep an eye on it.

Maybe this will keep the TDD purists off of VSTS' back.

SQL Injection attacks are a well know exploit of insecure database systems. If you don't know about SQL Injection, you can change that by visiting Wikipedia.

If you feel like injecting some SQL into your site, you should visit the SQL Injection Cheat Sheet page for all of the approaches. As the author mentions, only MySQL, Microsoft SQL Server, (some) ORACLE, and (some) PostgreSQL are supported and that most of the samples are not correct for every situation.

Happy hacking!

I'm a bit late to the party, but I wanted to recognize a couple of cool 2007 Jolt Award winners ...

• Microsoft and the VSTS/Database Professionals product group for "Database Engines and Data Tools" (read more here and here)
• Scott Ambler for his awesome book, Refactoring Databases.
• stpBA Storyboarding for VSTS 

In fact, here are all the winners.

I've been in Orlando this week, speaking at SQL Connections and have been derelict in my blogging duties, especially with regard to VSTS.

• Microsoft announced on Monday that they had acquired DevBiz (the company that produces TeamPlain), which has been the leader in browser-based access to Team Foundation Server, further boosting cross-platform access (and adoption). TeamPlain Web Access also enables a peripheral team member to browse project information and manipulate work items, source code, etc. I believe the new, official name will become "Microsoft Visual Studio Team System Web Access" (another mouthful). This acquisition also means that we will get to use TeamPlain for FREE (assuming we have a proper client access license for TFS). Read more about the acquisition on Brian Harry's blog and Microsoft PressPass.
  
  
• Microsoft published their Visual Studio Team System "Future Releases" roadmap, even beyond Orcas. So now, we can all speak the words "Rosario" in public. Rosario is the codename for the version of VSTS beyond Orcas. The roadmap is very thorough, even listing service packs and power tools, so you know exactly what delivery vehicle your feature or fix will be arriving in.
  
  
• Gert Drapers (the data dude) announced Service Release (SR) 1 for VSTS Edition for Database Professionals. He says that it's "in the works" and will be published sometime in Q2 of 2007 (let's hope April). He lists a few of the fixes and features that will be in the SR in a recent blog posting.
  
  
• Yesterday, Microsoft announced that unit testing will become a feature of the Professional edition of Visual Studio Orcas. This has been a passionately-requested feature by everyone in the world not running Dev, Test, or Team Suite editions. Finally, everyone who has Professional edition and up will be able to write and run unit tests. What about code coverage, that's still a question.
  
  
• The Patterns and Practices team has released updated prescriptive guidance on VSTS. JD Meiers lists many of the improvements on a blog post and you can find the guidance itself on CodePlex.
  
  
• Speaking of guidance, Microsoft recently published a 40-page branching guidance document which does a very good job of explaing branching and merging strategies for various size teams.

The next Ask An Expert Live Chat is scheduled for Thursday, April 19, 2007 at 12:00 PM PDT. 
  
Mark your calendars (or click this ICS link). For more information, visit Microsoft Technical Chats.

John Backus, whose development of the Fortran programming language in the 1950s changed how people interacted with computers and paved the way for modern software, has died. He was 82.

We all have our favorite database structure generator or schema reporting tool. Maybe we have built one of them in the past. I always tell my clients that it's a great "first application" to build when learning SQL Management Objects (SMO).

I just found out about SqlSpec.

SqlSpec generates documentation in two formats: HTML or CHM. I particularly like the CHM format, especially when you want a single, compact file containing all your documentation about one or more databases. The CHM is indexed so it is easily searchable for any keyword. If you visit their Samples page, you can see what these CHM files look like.

Naturally, SqlSpec supports SQL Server and Analysis Services, but also other legacy databases like Oracle, MySQL, and Access. It's $149 and they have a free trial version.

Pretty slick.

Next week there will be a two-day seminar on Visual Studio Team System (VSTS). Unfortunately, I won't be delivering the event.

If you attend, you can see how VSTS includes an integrated team server and customizable processes to help teams drive predictability, visibility, and control into their software development process. This seminar will provide an overview of features for project managers, business analysts, software architects and developers, database professionals, and software testers.

Agenda

• Day 1 - VSTS core concepts, work item tracking, architecture, and development
• Day 2 - VSTS databases, testing, reports, and customization

Register now; limited seating. Please call 1.877.MSEVENT (1.877.673.8366) or visit http://www.microsoft.com/usa/events and search on Event ID. Breakfast and lunch will be provided.

March 26-27, 2007
Microsoft Corporation
250 S. Fifth St., Suite 180
Boise, ID 83702
Phone: 208.345.3860
Event ID: 1032329394 

Registration Link: http://msevents.microsoft.com/CUI/EventDetail.aspx?EventID=1032329394&Culture=en-US

For some time, I've been sharing a neat hack that I came up with for finding files using Google. Here's how it works:

Assume you are looking for a specific file, such as northwind.mdb.

• If you enter "northwind", you'll find 1,666,000 hits.
• If you enter "northwind.mdb", you'll find 186,000 hits (mostly articles talking about northwind.mdb)

To find pages that have the file itself, type the following underlined search ...

"index of" northwind.mdb

This returns 712 pages, and you want to look for the ones that begin with "index of", such as Index of /english_examples/exceltmm/22.

These "index of" pages are simply directory listings from Web servers where directory browsing was enabled. This is generally considered a security hole, but some sites (like .edu sites) leave them open because it's an easy way to share files.

So, here's an update to my hack, sent to me anonymously:

intitle:index.of "mp3" +"Jack Jones" -htm -html -php -asp "Last Modified"

As you can see, this sample is looking for MP3s, and includes "Last Modified" and excludes some noise. It's a little cleaner and reduces the chances you'll return pages that aren't really directory listings.

Update: Here's yet another blog posting on how to do this, from Amazon's official blog ...

Note: you shouldn't download licensed/copyrighted material that doesn't belong to you.

Recently, Microsoft and IESC Geekcorps have teamed up to send Microsoft developer experts to participate as volunteers in the “Access to International Markets Through Information Technology” (AIM-IT) project in Lebanon. They are currently in search of volunteer experts with expertise in Visual Studio 2005 Team System & Team Foundation Server, as well as MS Solution Framework, and general software development project management.

Those that volunteer with Geekcorps on this project will receive airfare, accommodations, insurance and a living stipend – all paid for by Microsoft. Volunteers’ only out-of-pocket expenses come from any incidentals or personal purchases. Arrangements will be made for you to travel from home to Lebanon (a passport is required) and you will be met at the airport by a program representative. The project’s duration will be approximately 6 weeks.

If you are interested in learning more about this opportunity, visit this page.

It took me a couple of days to go through my photos, but I found a good one of the various Visual Studio Team System MVPs who attended Basta!

Here's Martin Kulov, me, and Ognjen Bajic. But, where's Neno?

One of the coolest controls that Visual Studio 2005 includes is the report design and view functionality of the ReportViewer controls. What used to be a server-only function, .RDL (now .RDLC) files can be rendered client-side by Web or Windows applications with this control. Reports can contain tabular, aggregated, and multidimensional data.

Thanks to Peter Myers for pointing me to this site to answer all of my (and your) questions and help unlock the hidden potential of the ReportViewer control.

If you are running Vista and VS 2005, you need to install this SP1 update.

It's referenced by KB929470, and you can download it here.

Thank you to my friends at Basta! for recommending me as an alternate speaker for the Frankfurt .NET User Group meeting last week. Thomas "Teddy" Sohnrey was the coordinator (and my interpreter at times).

The topic was Effective SCM using Visual Studio Team System, and I enjoyed sharing my approaches and best practices to the many software developers in the room.

Of course, what I will remember most about the evening is the venue: Microsoft's office in Bad Homburg, and the free beer in the break room!

Last summer, Microsoft acquired Sysinternals and Mark Russinovich. They have consolidated all of the cool utilities, for both IT professionals and developers, into one listing. You’ll find utilities to help you manage, troubleshoot and diagnose your Windows systems and applications.

Enjoy.

As you know, Visual Studio Team System tracks many different work item types, such as requirements, tasks, and bugs. Many agile teams like to use "sticky notes" to post on the wall to organize their backlog of requirements and tasks and plan their iterations. Even Joel on Software's company is doing this.

Since I have no life when I travel, I wrote 3M yesterday to see if they manufacture Post-It note sheets that can be fed through a laser/inkjet printer ... and they do!

They come in 25, 100, 300 or 500 sheet quantities and I checked a couple of sites, such as CDW, #1 Online Catalog, and Computers Unlimited. The prices range from $0.40 to $0.85/sheet, which might be cost prohibitive. Another cool option might be to use the stackable/sortable cards from 3m, although they are not sheet-fed, some printers might be able to "grab them". They come in a few different sizes.

Over the weekend Microsoft released some cool add-ins for Excel 2007 and Visio 2007:

• Table Analysis Tools for Excel - this add-in provides you with easy-to-use tasks that leverage SQL Server 2005 Data Mining under the covers to perform powerful analytics on your spreadsheet data.
• Data Mining Client for Excel - This add-in allows you to go through the full data mining model development lifecycle within Excel 2007 using either your spreadsheet data or external data accessible through your SQL Server 2005 Analysis Services instance.
• Data Mining Templates for Visio - This add-in allows you to render and share your mining models as annotatable Visio 2007 drawings.

Download the new add-ins here.

There are way too many Crystal Reports out there in the world and I would love to see more of them converted to Reporting Services. Therein lies the problem. I had heard that Crystal (now BusinessObjects) had blocked companies, like Hitachi, from building converters, because they would be reverse engineering (or using the APIs to reverse engineer) the .rpt files, and that would violate the license agreement.

Microsoft only provides migration guidance, but I see that one company, KTL Solutions, has a conversion product available, and another company, Jeff-Net is offering a $25/report conversion service at rpttordl.com.

Occasionally I'm asked about the business value of VSTS and TFS. I think it's pretty obvious, but I guess others need more convincing than just my word.

I've pulled together some links below that will help with this.

• Case studies - contains many ROI as well as technical case studies
• Customer evidence - contains some more case studies and testimonials
• Business value whitepaper - SDLC pain points and VSTS benefits
• Software lifecycles - a collection of scenarios providing evidence of VSTS benefits
• TFS Evidence Booklet - a PDF that was handed out at some of the roadshows

How's this for my next writing project?

Just kidding. I happened upon this site, and thought I would get creative.

Wow, what a great 'camp! We had over 200 attendees (207 was the last number I heard) and many, many great sessions. Thanks to all of you who attended, helped coordinate, and SPOKE at the event!

Rob Anson (BSU) welcomes students to the College of Business and Economics.

Personally, I enjoyed showing off PowerShell and getting some good feedback from fellow developers on how they might use it and what they thought the really cool featuers were. You can download my demo files here. Also, the demo script for my SQL Server 2005 for Developers talk can be found here.

As for my third talk, co-presented with Jason Mauer, it didn't go as planned. We had intended to show off Amazon's Mechnanical Turk in the search for Dr. Jim Gray, Microsoft's missing researcher from Silicon Valley. When we got to the session, however, we read the announcement "Satellite Image Examination Done! We've examined more than 560,000 images from 3 satellites, covering nearly 3,500 square miles of ocean! We currently do not need help here." Thanks to everyone (around 20) who showed up to the session to help! Instead, we spent some time discussing Mechanical Turk, S3, and other popular web services.

Jason Mauer exploiting his dog for money on Mechanical Turk.

After the final session and closing "ceremonies", most of the attendees broke off and headed over to the Allen Noble Hall of Fame building for a great dinner and some giveaways. Thanks to the sponsors: Micron, Microsoft, Keynetics, Treetop Tech, and healthwise!

Friday night's presenter's dinner was a good time, and a good place to relax and prepare for the day ahead. About thirty of the presenters and coordinators of 'camp met at Murphy's on Broadway and enjoyed some good food, and presentation tips and tricks from veteran campers.