In this issue from May 2017: The problem of conforming containers; upgrading existing
.csproj files to the new style; three key principles for software development; the new NIST rules for passwords; scaling GIT at Microsoft; and Scott Hanselman speaks at SSW.
Sharpen the Saw is a somewhat delayed repost of a semi-regular newsletter of information I publish for the professional development of software developers. While targeted primarily at developers working with the Microsoft technology stack, content will cover a wider range of topics.
To subscribe, send me an email and I’ll put you on the list. Membership is moderated.
Always a way to improve the code you write every day.
Introducing a common abstraction is a powerful design pattern, one that can be leveraged to very good use in system design. Unfortunately, any pattern can be abused and this one is no different.
One recurring abuse of the common abstraction pattern is found in the idea that major libraries can - and should - be hidden behind common interfaces that only expose the least common denominator of functionality. This is often seen with logging, with database access, and with user interfaces.
The key problem here is that these abstractions lock away all the unique functionality of your chosen library, forcing you into a simplistic mould and depriving you of much of the power of the library.
In this blog post, Mark Seemann talks about the problems of common abstraction when it occurs with dependency injection tools. Since Mark literally wrote the book, his views are worth reading.
Software and Updates
A new or upgraded tool can be a beautiful thing.
Old csproj to new csproj: Visual Studio 2017 upgrade guide
As a part of .NET Core, there’s a new style of
.csproj file that’s much leaner and easier to manage. Instead of listing every file separately, the project now just includes every file in the same directory automatically - so no more merge conflicts when two developers add files to the same project. NuGet dependencies are now listed directly instead of being kept in a separate
packages.config file. Best of all, project dependencies are now transitive - no need for your entry assembly to reference everything.
Visual Studio 2017 brings all these goodies to developers working with the original .NET Framework. While the list of supported project types is small, it covers the majority of uses, including class libraries.
Nate McMaster has written a useful guide that details the differences between the file formats and shows you how to convert existing projects.
A great developer does more than just write great code.
Three key software principles you must understand
This epic post (print preview shows 16 pages!) by Chris Peters recaps three key lessons that you’ve probably heard before:
- DRY: Don’t Repeat Yourself
- KISS: Keep it Simple, Stupid
- YAGNI: You ain’t gonna need it
His explanations of these principles are clear and well articulated. I don’t agree with everything he says (I think some of his examples need improving) but still well worth your time.
Staying safe online and writing secure systems are both harder than we think.
NIST’s new password rules – what you need to know
In 2016 the US National Institute for Standards and Technology (NIST) issued new rules on password polices. While these rules were written to be used across the entire US government, they’re more widely applicable - and very interesting:
- Maximum password length should be at least 64 characters.
- Reject any passwords found in a dictionary of known bad choices.
- Encourage longer password phrases instead of requiring c0mpl3x character mixes.
- Do not make users change passwords regularly.
I suspect there will be a lot of people surprised by that last one.
My favorite quote from this article: “Your password must contain one lowercase letter, one uppercase letter, one number, four symbols but not &%#@_, and the surname of at least one astronaut.”
Sometimes the answer is random.
Scaling Git (and some back story)
What happens when one of the largest software companies on the planet decides to adopt the most popular source code control tool for internal use? Microsoft faced this challenge when it decided a few years ago to consolidate its internal engineering systems.
Video of the Week
Take some time to feed your mind.
Hanselman Unplugged 2 – Back Down Under
While in Australia for NDC Sydney, Scott Hanselman stopped in at SSW to answer questions.