Fifth and final installment in a series. "The best way to attack the essence of building software," Dr. Brooks writes, "is not to build it at all." (p222). With this he introduces a brief discussion of the importance of code reuse, and of its challenges.

Recently I began carving out some time for using CruiseControl.Net in earnest. The book Continuous Integration in .Net was, and I'm sure will continue to be, of great help. Nevertheless, I think it will behoove my own memory, and perhaps help a few others, to record some notes on a few practical details.

I've started a new project on CodePlex, called Reggie, and posted the initial working source code. Reggie's goal is to be a simple developer tool for writing and testing Regular Expressions. It is inspired by the venerable Regulator tool and will be created in WPF using the MVVM pattern.

Part four in a series. In the chapter titled "Plan the System for Change," Dr. Brooks again lays out the foundations for Agile software development. His was an era of dumb-terminals and highly scheduled availability. And yet, here he is saying, "plan to throw one away; you will, anyhow." When RAM wasn't cheap, and good programmers even more rare than today, how does a project manager or architect justify throwing out the first design on purpose? By recognizing that "[t]he only question is whether to plan in advance to build a throwaway, or to promise to deliver the throwaway to customers."

Part three in a series. Many of the recommendations Dr. Brooks makes in this work can seem outdated at first glance; however, it does not take much to bring them into today's software development environments. Take the telephone log for example:

"One useful mechanism is a telephone log kept by the architect. In it he records every question and every answer. Each week the logs of the several architects are concatenated, reproduced, and distributed to the users and implementers. While this mechanism is quite informal, it is both quick and comprehensive." (p69)

Aside from being a fascinating inside-look at some of the challenges faced by the mainframe programmers of the sixties, The Mythical Man-Month presents many lessons-learned that are no less applicable today. This is the second article in a series exploring some of these lessons, in particular: conceptual integrity.

When last I worked with C++, it was while working on my master's thesis ten years ago, using a basic text editor in a Red Hat Linux 5.0 installation. A new task in front of me: replace a Reporting Services report, which was exporting to CSV, with a new solution that will allow me to create multiple files, with max 150,000 records each. The first challenge is speed: with that many records, only bulk copy will be reasonable. The second is splitting the file. I thought about calling BCP from a C# process, because unfortunately managed code only offers bulk loading into a SQL Server database, not from database to file. But C++ is another story, thanks to the Bulk Copy Driver Extensions made available by Microsoft. So, time for a C# developer to brush up on C++, and learn it the Visual Studio way!

Dr. Brooks is my new… well, I can't think of an appropriate noun. Certainly not a deity. One book does not make him a favorite tech author. Static text cannot make him a mentor. Maybe tech hero?

Currently I'm working on updating the main blog at safnet.com with a refreshed look and feel (the design was last changed "way back" in 2008), then I'll move on to this technical blog. In the meantime, this garish built-in template will serve to remind me that work needs to be done.

New tech-blog entries have been rare primarily because I have been spending much of my technical-writing time on internal documentation at work: trying to build-up a thorough set of documentation in a SharePoint Wiki. Most of that content is proprietary, and would not be useful outside the company anyway. But I do hope to start posting comments here again soon, starting with a few entries after recently reading the classic The Mythical Man-Month.

Microsoft's Books Online article on SQL Injection does a great job of reviewing the possible attacks against dynamic SQL statements (using EXEC or sp_executesql). I won't re-hash their discussion and suggestions. What I offer below is a sample remediation effort for this set of statements (the @Fields and @Values variables are actually stored procedure parameters):

DECLARE @Fields VARCHAR(1000), @VALUES VARCHAR(1000), @SQL NVARCHAR(2500);
SELECT @SQL = 'INSERT INTO MyTable (' + @Fields + ') VALUES (' + @Values + ')';
EXEC(@SQL);