The Hogg Blog

A Graphical DSL for Describing SOA Applications

Last October we ran a SOA workshop in Redmond, with the goal being to have members of the MCS field, global practices and other customer facing organizations discuss scenarios and patterns that they see on a regular basis. Having run several of these workshops in the psat, one challenge that is hard to overcome is ensuring people describe their scenarios and solutions in a standard way.

Given the lack of a standard vocabulary for many (most?) domains within our industry this is obviously made more difficult. In an attempt to overcome this shortfall myself, Piyush Gupta and Sudarsan Srinivasan spent about a month decomposing a number of customer solutions into their constituent patterns - thus building a catalog of patterns that participants at our workshop could use when describing solutions to their scenarios. Where such patterns were already documented, we normalized on terms from sources such as Hohpe's Integration Patterns, SOA Patterns, Workflow Patterns, Patterns and Practices and IBM's dev center.

Even armed with a standard vocabulary, the next problem becomes how do you succinctly present complex system designs without requiring large numbers of UML objects. Christopher Alexander aluded to the solution to this problem through the use of a visual notation to accompany each pattern. So I searched around and found that Matthew Oskowis had created a nice little Visio template including icons for each of Gregor Hohpe's patterns. This helped us for about 50% of the patterns and so I extended it to include the additional patterns that we had identified.

When using this visual notation it became too difficult expecting everyone to recognize each of these icons, so I also extended each icon to include the pattern name. It makes the diagrams a little clumsy - but they are still quite readable. As you can see in the diagram below it is also obvious that these icons convey a lot of information in a small amount of space - more so than an equivalent UML model would for example. 

The diagram below illustrates one such example, where a service agent is performing requestor side caching allowing configuration information to be retrieved from a central configuration service and cached. The Configuration Notification Service also allows the client (should it subscribe) to be notified of changes to this configuration.

For my presentation for tomorrow's SOA BP conference I will be walking through a number of scenarios using this SOA DSL, so figured I would first post it on the blog for people that are interested in using it. If you use it or extend it let me know how you go, or share your updates.

Agent-Design Patterns for Building Distributed Service Bus Applications

Another blog that is several months late, but as usual, better late than never. I am currently preparing my presentation for tomorrow's Real World SOA: Microsoft SOA and Business Process Conference I finally made the time to read Danny Garber's paper on Agent-Design Patterns and it was well worth the read. Danny introduces the notion of a Distributed Service Bus (I think I have also heard him refer to it as an Internet Service Bus) allowing multiple organizations to collaborate on extremely complex business processes.

As with most business processes, these are subject to service unavailability errors, message translation and enrichment requirements, but because they span multiple organizational boundaries must also worry about routing across perimeter networks and error recovery in remote domains. Danny talks about how he has used a combination of Microsoft's ESB Guidance (predominantly the Itinerary pattern) and the Microsoft Global Practices Managed Service Engine (predominantly for routing across perimeter networks) to provide the DSB capability.

Are banks encouraging phone phishing attacks?

I recently called the support number to verify a charge on my Wells Fargo account and it surprised me when the automated teller requested that I enter my card number and then my pin number. I was always lead to believe that we should never share our pin numbers as that obviously breaches the security of our ATM cards - so I hung up and waited until I could talk with a customer representative. I just spoke with such a representative and apparently the bank is ok for you to share your pin number with an automated teller.

This seems very strange to me as how am I to determine whether in fact I am talking with an automated teller owned by Wells Fargo or an automated teller owned by someone with malicious intent. This possibility is greatly increased by the large number of phone numbers that the banks have - preventing me from even really knowing whether I am talking with Wells Fargo or not. This is made all the worse given the large number of phone numbers that banks appear to have nowadays. The enquiry I just made has had me dial 4 different numbers during which time I was also transferred 3 times - meaning I really have no idea who I am talking to. I can also imagine would be perpetrators obtaining numbers that are 1 digit off of major banks and obtaining ATM card information that way.

Is it just me or does this seem like a huge risk? Or is there something that I am missing here in terms of why this isn't a security risk? Also, do banks other than Wells Fargo also require customers to enter their pin numbers?

Merry Christmas and a Happy New Year!

 I did a particularly lousy job of sending out Christmas cards this year, so figured I would instead make a last ditch effort to bring some joy to the world through my blog. As you may have seen we have had a pretty interesting winter so far in Seattle with record amounts of snow bringing the city to a near stand still. The photo below shows the Microsoft campus from my office in B117.  Merry Christmas (or Happy Holidays if the former offends you :-)) to all and best wishes for the coming year.

Sticky Notes for Your Code

If your desk is anything like mine it is cluttered with millions of sticky notes, each containing some snippet of information that at some point seemed worth writing down. If you have been dreaming of the day that you can have your VS environment look similar, then wait no longer! My good friend Pablo Galliano has the perfect solution.

Seriously though, Pablo is probably one of the leading experts at extending VS (in both natural and unnatural ways) and has written a cool little utility allowing you to add post-it notes to your code. Take a look here for more information.

Distributed Computing Patterns

This one is a little late to press, but for those who haven't already seen it the Architecture Journal recently published an article on Distributed Computing Patterns that myself, Joshy Joseph, Dmitri Ossipov, Massimo Mascaro and Danny Garber wrote. You can find the article here.

Oslo MGrammar Turtle Graphics for VS2008

My colleague Joshy Joseph reminded me that the MGrammar based Turtle Graphics parser that I posted here was for VS2010. I have attached a newer version of the solution that Joshy coverted to run in VS2008. I noticed that Doug Finke has also done the same thing whilst also creating a couple of additional samples as well. Take a look at his blog for more details...

Creating a Logo / Turtle Graphics Textual DSL using Oslo MGrammar

In the early 1980's a programming language called Turtle Graphics was used as a means of introducing novices to programming on the BBC Microcomputer. Turtle graphics, a graphical version of Logo, helped introduce people to programming using a simple functional language that provided instant visual gratification allowing the user to move a triangular turtle across the screen using simple commands such as forward, backward, right turn and left turn.

At PDC this year the Connected Systems team introduced a new language called "M" - which allows textual DSL's to be created. I will talk more about this language in future posts especially compared with the F# Lexer and Parser that we used to create our textual DSL for SecPAL, but first I wanted to create a programming language with which to learn Mg. I thought a version of Turtle Graphics would be fun - and interesting for anyone else interested in experimenting with or learning Mg.

The programming language I am liberally calling Logo (and the associated interpreter) are fairly simple - but I thought it would be fun for people to play with, especially those with children who are looking for new ways to introduce their kids to progamming. I did the bulk of the work specifying the grammar for this simple version of Logo on the flight back from LA to Seattle - which should give you a sense of how intuitive Mg is - and how productive the Intellipad authoring experience is.

Given that Thanksgiving is just two days away I figured it would be patriotic (odd coming from an Aussie/Kiwi/Pom hybrid) to show how simple it is for this language to draw the United States flag - a design which obviously would make significant use of loops and nested loops. 

The screenshot above shows the output from this program. The complete logo program listing is also included below so you can see how complex objects can be created using a simple grammar comprising of just 5 commands:

    - Commands - Commands perform actions such as moving or rotating.
        Rotate n - Rotate 'n' degrees
        Draw n - Draw a line 'n' pixels long
        MoveAbs x, y - Move to an absolute position
        Move x,y - Move to a position relative to last move / draw command
    - Loops - Sets of instructions which are executde iteratively. Loops can be nested.
        Loop n { [Command] }* 

I have attached the full source code for this so that you can play with this yourself. The source code is based on the PDC (October?) version of Oslo which you will have to first download from MSDN. The language could easily be extended to include color, line widths, other types of lines such as bezier curves etc - which should provide a good introduction for anyone interested. Post pointers if you do anything fun with this.

In addition to the formal grammar for my logo language (logo.mg) the .zip file also includes a WPF interpreter that interprets the parsed output of our logo programs and converts them into WPF Path Geometry syntax. There is also a simple editor that allows you to edit and run our Logo programs - providing a nice easy way to start teaching your children to program. Or for yourself to start modifying the language as described above.

Enjoy!!! And (to those in America) Happy Thanksgiving...

// Logo (and Mg) sample program 
// Happy Thanksgiving! 
// Move to top left
MoveAbs 25,25 

// Draw five rows of stars
Loop 5
{
   // Draw ten columns of stars
   Loop 10
   {
   // Draw five points to make each star
   Loop 5
   {
         Rotate -54
         Draw 5
         Rotate 126
         Draw 5
   }
   Move 20 -1
   }
   Move -210,20
}

// Draw the lines next to the stars
MoveAbs 430,25
Rotate -90
Loop 5
{
   // Lines are 5 pixels high
   Loop 5
   {
      Draw 200
      Move 200,1
   }
   Move 0 15
}

// Draw the lower lines on the flag
MoveAbs 430,125
Loop 5
{
   // Lines are 5 pixels high
   Loop 5
   {
      Draw 410
      Move 410,1
   }
   Move 0,15
}

Geneva Identity Management Framework

For anyone who has followed my blogs around developing an STS or writing authorization policies you will be very interested in Kim Cameron's announcement at PDC of the Geneva Identity Management platform. Genvea includes:

• Geneva Framework - A .NET framework for writing interoperable, claims aware applicatoins
• Geneva STS - An STS integrated with AD. Supports issuance (finally) and consumption of Cardspace Cards. 
• CardSpace Geneva - A federation client

In addition to these framework like components, there are also a couple of services (biult using Geneva) including:

• Microsoft Federation Gateway - Provides the basis for the Microsoft Services Identity backbone - brokering access to Microsoft cloud applications and developre services
• Microsoft Connector Services - Federates AD to the Microsoft Federation Gateway. Provides lightweight access to the federation gateway.
• .NET Access Control Service - Next generation service (STS) that performs claims transformation. It receives authentication information and issues authz decisions. This includes a management portal and API's for managing and writing authz policies.

 I haven't had a chance to play with any of these tools yet, but will be very interested to see how the Access Control Service's capabilities compare with SecPAL... :-)

Microsoft Azure cloud OS announced at PDC2008

I am here at the PDC in Los Angeles having just watched Ray Ozzie and Bob Muglia finally present the next generation of Microsoft's Cloud Services / Software plus Services strategy with the release of our new operating system for the cloud "Azure"!

Windows Azure was designed from the ground up for the needs of cloud based computing models. It includes capabilities such as:

• Scalable hosting - from a fraction of a server to many servers
• Automated service management - fabric controller manages the health and lifetime of deployed services according to a services model
• High-availability - replicated backend storage
• Rich developer experience
• Open platform - Command line interfaces, REST protocols, WS, Web…

As I watched the presentation it dawned on me some of the parallels between how existing operating systms are designed and the functions that will now be fulfilled by Azure. The diagram below shows a conceptual view of the core layers in existing operating systems, which are typically split between kernel mode and user mode where user applications are designed to be run.

Logically Azure follows a similar model having the Azure OS providing the equivalent of the kernel exept now running in the cloud managing a potentially limitless number of CPU's, memory and disk storage all hosted in the cloud.

Moving up a level we have the Microsoft Azure Services Platform. As with the executive in an OS taking responsibility for security, storage, I/O and IPC; Azure provides a host of similar capabilities. At the lowest level the Azure Services Platform includes support for .Net Services including a Service Bus, Access Control and Workflow Services. It also includes SQL Services. At a higher level the Azure Services Platform includes support for Live Services, Sharepoint Services and Dynamics CRM Services.

In terms of how applications can be designed to run on in this new cloud based paradigm the great news is that it is all through our existing tools and languages - Visual Studio and .NET. At the highest level in the stack where traditionally applications like Office would run, we now have online extensions to these products including: Windows Live, Office Live, Exchange Online, Sharepoint Online and Dynamics CRM Online.

Anyway, this post should introduce you to some key concepts and technologies that I believe are going to be critical to consider as you design distributed applications moving forward. I personally think this announcement and the associated announcements that you will continue to hear over the course of this week is the most significant change in our industry since the release of .NET.

Language Oriented Programming

Chris Smith from the F# team has an awesome blog post on language oriented programming - and specifically LOP in F#. For those new to LOP Chris describes it as a style of programming that resembles a domain specific language - but is still valid in a general purpose programming language.

As we see more and more DSL's emerge - specifically in domains where visual models aren't adequate to sufficiently represent domain concepts - I believe we will see a huge movement toward LOP. For our Security Policy Language this was the case - leading us to the creation of our SecPAL Parser - which was also written in F#.

Anyone interested in DSL's should definitely read Chris' blog post...

patterns & practices Improving Web Services Security: Now Available!

Over the last 12 months we have had a lot of people who used the Web Service Security - Scenarios, Patterns and Implementation Guidance ask us where the implementation guidance for WCF was. Great news. JD Meier, Jason Taylor, Prashant Bansode and Rob Boucher and the rest of his P&P team have just released their guide which includes Security Fundamentals for Web Services, WCF Security Fundamentals and Scenario specific guidance. Great stuff - and a must read for anyone designing secure distributed systems based on WCF. Available from: http://www.codeplex.com/WCFSecurityGuide

P&P Happenings

I have been catching up with old friends from the P&P team over the last couple of days - many of whom have been working on new and exciting initiatives that I thought I would share with you. Each of these deserve their own blog posting, but until I get more time I thought a brief summary might be useful:

• J.D. Meier has as always been crazy busy. I mean to blog about this ages ago but never manage to find the time. Several cool things that JD has been working on include:
• Bookshare - If you are the kind of person that browses through airport bookstore thinking how great the selection of management guides is and wouldn't it be amazing if you could read all of them - then worry no more. J.D. spent his entire Christmas vacation reading all of them and providing nice summaries for you to take a look at with the goal being to allow you to determine which of these books are worth buying and reading yourself. Incredible stuff that only J.D. could create.
• GuidanceShare - A kick-ass repository of much of the work that JD and the rest of the P&P team has created. In wiki form so add to it or provide detailed feedback on what you liked and what you didn't like.
• Guidance Exporer - When I was much younger than I am today and technology changed at a much slower rate organizations used to create massive binders of stnadards that all developers would follow when writing and deploying applications. Today there is arguably too much technology and it changes too fast for such binders to be relevant. Until now. With Guidance Explorer you can leverage P&P's guidance base, plus add your own organizations standards and create views over this repository.
• A Documentation Factory - Nelly Delgado and Tim Osborne showed me some really great tooling that they have been working on for supporting creation of documentation to accompany blocks and factories. In the past this was always a nightmare. For P&P we had to create design and API documentation which then had to be output to CHM, HSX, HTML, PDF and goodness only knows how many other formats. Nelly and Tim have even released this guidance on www.codeplex.com/doctools - so if you are creating any kind of reusable assets you should definitely take a look.
• Unity - Grigori Melnik sent me a link to Unity a couple of months ago and I honestly haven't had time to do it justice with a full blog post and some samples - but in the mean time I suggest that anyone interested in concepts such as IoC and dependency injection should take a look.
• Fun, fun, fun... and I have been playing a little with Entlib 4 which looks like it will continue to kick-ass...

On a sad note fpr Microsoft Scott Densmore (Lead Dev and PM on Entlib and many other things) left P&P yesterday to start his new career at Disney. Not sure which rides he will be managing or which costumes he will be wearing - but which ever ones they are you can be sure they will be the fastest rides or the most opinionated Disney characters you will ever meet. :-) Best of luck Scott...

WhoIs Shenanigans

I am sure that everyone has used a WhoIs utility (such as http://www.internic.org/whois.html) for querying the owner of a domain name such as microsoft.com. There is however an alternative to these Web forms which provides more information allowing you to search not just for strings matching a domain name, but also for strings matching registered hostnames of domain names. This provides hysterical insight into the minds of some Webmasters. For a laugh take a look at some of these hostnames registered with microsoft.com or google.com in them.

MICROSOFT.COM.WILL.LIVE.FOREVER.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.WILL.BE.BEATEN.WITH.MY.SPANNER.NET
MICROSOFT.COM.SOFTWARE.IS.NOT.USED.AT.REG.RU
MICROSOFT.COM.SHOULD.GIVE.UP.BECAUSE.LINUXISGOD.COM
MICROSOFT.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
MICROSOFT.COM.IS.GOD.BECOUSE.UNIXSUCKS.COM
MICROSOFT.COM.HAS.ITS.OWN.CRACKLAB.COM
MICROSOFT.COM

GOOGLE.COM.ZOMBIED.AND.HACKED.BY.WWW.WEB-HACK.COM
GOOGLE.COM.YAHOO.COM.MYSPACE.COM.YOUTUBE.COM.FACEBOOK.COM.THEYSUCK.DNSABOUT.COM
GOOGLE.COM.IS.NOT.HOSTED.BY.ACTIVEDOMAINDNS.NET
GOOGLE.COM.IS.HOSTED.ON.PROFITHOSTING.NET
GOOGLE.COM.ACQUIRED.BY.CALITEC.NET
GOOGLE.COM

To see the complete list (r rated) try running the code yourself. Post a response with your funniest hostname or domain names other than these two that are particularly funny.

using System;

using System.Collections.Generic;

using System.Linq;

using System.Text;

using System.Net.Sockets;

using System.IO;

namespace WhoIsQuery

   class Program

      static void Main(string[] args)

         // A query that results in more than one result lists all possible results

         // so that a more precise query can be entered.

         // A query with only one result returns just that result.

        // Send request to WhoIs Server

        Console.WriteLine("Contacting Internic");

        TcpClient client = new TcpClient("whois.internic.net", 43);

        StreamWriter writer = new StreamWriter(client.GetStream());

        writer.WriteLine("microsoft.com");

        // Retrieve response

        StringBuilder output = new StringBuilder();

        StreamReader reader = new StreamReader(client.GetStream());

        do

           output.Append(reader.ReadLine() + Environment.NewLine);

        while (!reader.EndOfStream);

        Console.WriteLine(output);

        Console.ReadLine();

The Glory Days of Home Computing

It has been a long time since I have blogged (more about that in some later posts), but two recent articles that I read on the BBC website have motivated me to write again. The articles honor the creators of the BBC Microcomputer which along with companies like Sinclair, Apple, Commodore and of course Atari provided the first introduction to computing to many developers of my era. It was a time when magazines like Your Computer, Computer and Video Games and Byte magazine provided the crucial link to a community of like minded youths that lived at the far corners of the world desiring to learn more about how to master the art of computer programming.

For me, these magazines were critical. At the time I lived in New Zealand, and home computers were few and far between. If I wanted a game, I had to write the game myself. Initially I tried this with Basic but was always frustrated at the quality of games possible with Basic - and then with machine code on one of my earliest computers - the ZX Spectrum. It was around this time that I turned turncoat and traded my ZX Spectrum for a BBC Computer which not only had a far superior version of Basic integrated into it - it also had the ability to inline assembly language, suddenly providing access to advanced graphical capabilities much more easily.

For folks from the United States where I now reside, I believe the home computer market was very different, although no doubt seemingly just as exciting. In the UK (and indeed New Zealand as well) there were a large number of home computers rivaling for attention, including: the Sinclar ZX Spectrum, the BBC Microcomputer, Amstrad, Dragon 32 and of course Apple II and Atari 400 and 800's. Each of these computers had their own strengths (and weaknesses) and a user base of passionate developers that would swear allegiance to their computer of choice. Never was this battle as bitter as that between owners of the ZX Spectrum and the BBC micro. It was an exciting time.

If you haven't heard of the BBC Microcomputer (which I am sure is the case for many non-British folks) it was in my opinion a true testiment to British engineering. Some of the capabilities of the BBC Micro that made it so compelling included:

• One of the most advanced Basic interpreters available on the market (in ROM), with integrated assembly language support
• Built in support for cassette tapes (yeeha!) or 5.25" floppy drives
• Built in networking capabilities, allowing schools to set up networks of BBC's very simply
• Extensibility through pluggable ROM's and easily burnable EPROM's
• Built in support for teletext

Teletext in particular was (along side early bulletin boards) a predecessor to the general Internet, allowing business and homes to obtain access to news and information using their home computers via data transmitted between frames in television signals. But as many things British, unfortunately the BBC Microcomputer did not infiltrate the United States until much later when the researchers behind the BBC Microcomputer - Acorn - developed the ARM processor which now powers many mobile phones and printers.

I often wonder how new generations of youths will become motivated and excited by the potential of home computing. Our Windows (or Apple) based home computers no longer ship with the ease of access that an integrated Basic interpreter provided - sure shell scripting and integrated VB script within applications like Excel is available - but it just isn't as accessible. Similarly, capabilities have advanced leaps and bounds. When we used to dream about the possibility of digitizing sound or pictures, this is now routine - and the possibility of writing a game without a team of graphical designers requires creativity that few people can possess (Tetris is the last such game I can recall).

As I write this blog, I am left to wonder if the era of home computing isn't dead and we are now in a new generation of network based computing, where our children will instead learn to understand basic protocols such as HTTP and REST, whilst using languages like Ruby, Perl and Python to take their first steps just as we did ours with Basic. If that is the case, and realizing that many of the Internet innovations of our era such as ICQ and Napster originating from youths much like the original Operating Systems designed by companies like Apple, Sinclair and Microsoft it maybe rekindles some of that early awe and excitement making me wonder where we will be in ten years time when my soon to be born daughter Tegan may possibly be learning to program...  

For those that have read this far, I assume we share a common past, so I thought it might be fun to see who could remember what the 8 computers pictures are. To keep it interesting, there are a mix of American and British computers... enjoy!