The Developers Magazine Developers Group Magazine July/August 2005 Page 1 return to index The Developers Magazine published for members every two months by The Developers Group incorporating

The Developers Group Magazine July/August 2005 Page 1 return to index

The Developers Magazinepublished for members every two months by The Developers Group incorporating the DotNET Developers Group and UK Borland User Group

July/August 2005

The Developers Group (DDG & UK-BUG), run by Joanna Pooley and friends,is a division of Richplum Ltd, 7 Devizes Road, Upavon, Wiltshire SN9 6ED, U.K.

telephone 01980 630032 fax 01980 630032 e-mail [email protected] www.dotnetuk.com and www.richplum.co.uk

This issue celebrates The Best of Delphi 2005 and Dr Bob’s birthdayContents

Meetings ....................................................................................... 2

The Developers Group Meeting on July 18th......................... 3Multi database upgrader utility, Migration from Legacy Data-Files to Relational

Databases, making trees with SQL, Developing ASP.NET Websites using DotNetNuke

ASP.NET Security Best Practices Masterclass ........................ 5Michael Li covers countermeasures against common threats and best practices in creating

secured ASP.NET applications

Using IntraWeb ........................................................................... 7John Evans shares his experiences

Mastering Borland Delphi 2005 .............................................. 16Marco Cantu’s forthcoming book

DG Member achieves ISO 9001 certification ........................ 17KIC Computing explain why they wanted the accreditation

Delphi 2005 BDP Deployment ................................................ 19Bob Swart discusses the steps needed for the successful deployment of a Delphi 2005

application using the Borland Data Provider (BDP) to work with databases

DG Stars at Microsoft’s Developer Developer Developer .. 27You saw them here first!

Malware Identification, Isolation & Removal ...................... 28Brian’s extermination service

The Art of Project Management.............................................. 29Craig Murphy reviews Scott Berkun’s book

Delphi 2005 training course on DVD..................................... 36KeyStone Learning’s new e-learning tool - win a free copy

DIL CD - search the way you want ........................................ 37Tens of thousands of items of vital information at your fingertips

The Developers Group Magazine July/August 2005 Page 2 return to index

Meetings• Combine material formerly covered separately by the Borland User Group (mainly Delphi, both for

.NET and Win32) and the DotNET Developers Group (C# etc).

• Are alternately at

• POSK in Hammersmith on Tuesdays 12.30-6.00 pm (with tea/coffee and biscuits, plus two-coursesupper afterwards if required).POSK is at 238-246 King Street, Hammersmith, London W6 0RF (Ravenscourt Park on the District line- 2 mins walk, Hammersmith on the Piccadilly, District and Hammersmith & City lines - 12 minswalk). Meter parking is available in side streets and in the King Street Mall at around £8.

• Microsoft’s offices in Reading on Mondays 11.30am-6.00pm (substantial refreshments).

We meet in Building 3, Microsoft Campus, Thames Valley Park, Reading RG6 1WG. Parking is availableand there are frequent courtesy buses from/to central Reading and the station until 7.15pm.

• Take place as regularly as possible but avoid weeks shortened by bank holidays, (more or less) monthlyexcept in August and December.

• Are free to members provided that places are booked in advance (even if only provisionally) at leasta week in advance for Microsoft and four days in advance for POSK.

• Comprise technical sessions presented (mainly) by members - the main purpose of the user groupbeing to facilitate the interchange of knowledge between members.

Meeting dates 2005:

• January Friday 14th meeting at Currie & Brown in Edinburgh

• January Tuesday 18th meeting at POSK

• January Monday 31st masterclass at Microsoft (further masterclasses to be arranged)

• February Monday 28th at Microsoft

• March no meeting (because of late February meeting, early Easter, early April meeting)

• April Tuesday 12th meeting at POSK

• May Monday 16th meeting at Microsoft

• June Tuesday 21st meeting at POSK

• July Tuesday 5th and Wednesday 6th Component Development masterclass at Upavon

• July Monday 18th meeting at Microsoft

• August no meeting

• September Tuesday 20th meeting at POSK

• October Monday 3rd ASP.NET Security masterclass at Microsoft in Soho

• October Monday 17th meeting at Microsoft

• November Tuesday 15th meeting at POSK

• December no meeting

Speakers neededUser groups meet specifically for members to get together, to share information, experiences andproblems. Please contact us to discuss what you can contribute to a meeting or the magazine, howeverbrief or basic.

The Developers Group Magazine July/August 2005 Page 3 return to index

The Developers Group Meetingat Building 3, Microsoft Campus, Thames Valley Park, Reading RG6 1WG

click here for map and directions

Monday July 18th

with group leader Brian Long

Agenda11:30 Registration (with tea/coffee plus a bacon or egg roll, if you arrive early enough.)

12:00 Welcome, News and Problem Clinic: Brian LongBring your development problems for discussion. We’ll try to help solve them - even that ill-fated firstquestion which always seems to elude us.

1:00 A Multi-Database Upgrader Utility: Peter GoddardThis utility was developed to being able to update and upgrade several hundred InterBase databaseswithin the very short time span of five working days. The major problem was that each of the databasescan be at a different version level and often requires SQL scripts to be run either before and /or afterthe upgrade process. A further complication is that, due to the way constraints, foreign keys andprimary keys are created by InterBase, these constraints may have different names (numbering) whichwill then void the ‘plans’ used in the SQL stored procedures. Therefore the utility had to force uniformityon the databases being upgraded, provide the capability to be able to work with orphaned data (lostintegrity), provide traceability of the upgrade process, and require no manual intervention.

The utility achieves its objectives by initially stripping out all SQL stored procedures, all automaticallynumbered primary and secondary keys as well as foreign keys, before rebuilding all these indices withthe desired numbering i.e that of the reference database. Furthermore, the utility can run SQL scriptsbefore, during and at the end of the process. The utility is totally written within Delphi but incorporatesa lot of string handling as well as running of the ‘isql.exe’ command line utility from within the application.

2:10 Tea/coffee and cake

2:30 Migration from Legacy Data-Files to Relational Databases: Roland PotterMigrating data from legacy systems using proprietory, or pre-defined data files, normally requiresdevelopment of specific programs to migrate the data to a meaningful set of tables in a relationaldatabase. Having already produced a software package dedicated to migrating between databaseplatforms, we decided to try and produce a general purpose add-on facility to convert legacy datafiles. We worked on the principle that the first step should be to extract all the data, and that furtherconversion work could more easily be carried out on the resultant database tables. All that’s neededthen is to completely rewrite all the applications that deal with the data!This session covers the stepstaken to achieve the data conversion, in the course of which we worked with parsing data definitionfiles (COBOL source), translation of non-Delphi data types, producing a text/binary viewer to allowfield definition on raw data files and producing a flat-file dataset component to read the files.

3:35 Brief fidget break

3:40 Making Trees with SQL: Adam BrettThis intermediate level session looks at SQL scripts and Tree View components in Delphi. Trees aregreat, highly user intuitive GUI elements but, used badly, they encourage very poor database design.This session examines these problems and ways round them whereby multi-table normalized datasetscan be pulled together to form suitable data for Tree Views. We also cover creation of customcomponents from ancestor Tree Views that can easily handle these types of data with minimum ofrepeated coding. The components are Win32, but the session focus will be equal parts SQL, generalpoints on Tree Views and Data structures, making things pretty platform-independent.

4:45 Brief fidget break

4:50 Developing ASP.NET Websites using DotNetNuke: John BragaJohn introduces DotNetNuke, an open-source system which builds on ASP.NET to create flexible“Portal websites”. He includes examples of developing custom modules, programming in C# or VB(not in Delphi on this occasion), and discusses some of the tools (including free ones!) that now exist tohelp the development process.

6:00 End (and adjournment to the David Lloyd sports centre for anyone who wants to come for a drink).

The Developers Group Magazine July/August 2005 Page 4 return to index

www.raize.com

The Developers Group Magazine July/August 2005 Page 5 return to index

ASP.NET Security BestPractices Masterclass

with Michael Liat Microsoft’s Soho offices on Monday October 3rd 10am - 6pm

This masterclass focuses on countermeasures against common threats and best practices in creating securedASP.NET and/or web applications. It is divided into two parts.

Part 1We begin by walking through a series of hands-onillustrations to showcase some of the most commonthreats and attacks on web applications. Specifictopics include:

• Types of threats

• Network

• Host

• Application

• Threats against the application

• SQL injection

• Cross-site scripting

• Input tampering

• Session hijacking

• Threat Modelling

• Threat Modelling Process

• STRIKE Model

• DREAD Model

Part 2Once we have examined some possiblevulnerability, we focus on the various strategies andcountermeasures to protect our applications frombecoming another statistic. Topics include:

• Holistic Approach to Security

• Techniques on Defending the Network

• Techniques on Defending the Host

• Defending the Application

• Validating Input

• Accessing Data Securely

• Dynamic SQL Commands

• Parameterized Commands

• Usage of Stored Procedures

• The sa Account

• Creating a Limited Account

• Connection Strings

• Data Protection API (DPAPI)

• Building a DPAIP Library

• Securing Connection Strings

• Encrypting Connection Strings

• Encrypting and ACL’ing Connection Strings

• Windows Authentication

• Authenticating the ASP.NET Worker Process

• Granting Database Access to ASPNET andNetwork Service

• Defending the Application (Cont’d)

• Form Authentication

• Protecting Login Credentials

• Storing Login Passwords

• Salting Password Hashes

• Authentication Cookies

• Restricting Authentication Cookies to SSL

• Authentication Cookie Lifetime

• Limiting the Lifetimes of PersistentAuthentication Cookies

• ASP.NET View State

• Securing Session State

• Error Handling

• Logging Unhandled Exceptions

The techniques we use here are applicable to all web development projects regardless of development platformand language. Code examples for this talk will be provided in both C# and Delphi.NET.

Michael runs InfoCan Management Consultants Group (Canada) Inc, http://www.infocan.com. an independentconsulting firm based in Vancouver, specializing in enterprise, mobile and Internet solutions.

All places must be booked and paid for in advance, no later than Friday September 23rd.The cost to members of the Developers Group and other participating user groups is £175 + VAT.DG Members subscribing at a package rate are eligible to attend at no cost but must also pre-book.

Please remember that all phones, pagers etc must be turned off (or in silent mode) during DGevents and that the venues are not able to take messages for us.

The Developers Group Magazine July/August 2005 Page 6 return to index

www.thedelphimagazine.com

www.pentamid.co.uk Pentamid

Developers of Software & Electronic solutions

Pentamid offers a software, robotics and electronics development service. Pentamid’s clientsrange from very small British companies to large multi-national corporations. Our principalsoftware engineer, Susie Black, has been a Delphi developer since version 1, and has developedaward winning software. Susie was previously technical editor of the UK BUG magazine.

Our robotics expert is Dr Dave Keating. Dave was the chief designer of Hasbro’s interactiveR2-D2 robot toy which was voted “Most innovative and fun toy of 2003” in the USA.Microcontrollers and embedded firmware allow R2 to be voice controlled and play manygames. R2 is able to follow people using infrared and sonar sensors, but retails at only $99.

pentamid

tdm

brooks

The Developers Group Magazine July/August 2005 Page 7 return to index

Using IntraWebby John Evans

In 2002 I gave a presentation at a DDG/BUG meeting about a case study that I had built over the last twoyears that made use of the web broker and page producer components. In 2002 I watched the arrival ofthe Web Snap components…I came to a Masterclass and never touched them again. Then, during 2003, Icame to the Masterclass for IntraWeb, and really liked the look of what it could do. I decided to use it inanger on a project for a company I partly own.

This article is based on my presentation to the Developers Group in February 2005. It was not a “How to doit talk”, it was a “what I did talk”, containing my solutions to an eclectic list of problems. I should say at thispoint that if any of you know any of my assumptions to be incorrect, please do email me, I am not proud.

The website is www.face2facenetworking.co.uk. Please do have a look around it, watch the URL change, usethe back button (try to!), look at the images used in the menu and in grids…the article will make more senseif you have taken a brief look at the website. The reader is expected to understand some of the basics ofIntraWeb: I urge you to go a read up on it if you aren’t familiar with it.

Problem 1 - Form inheritanceAccording to the IntraWeb notes, it is not supported. I really needed it so I tried it anyway. It works just fine,and it is now more or less acknowledged as being supported.

Problem 2 - The datamoduleThis was a change of mindset for me; I am used to developing desktop applications. IntraWeb providessomething called the usersession form. Use this for your datamodule and all will be well.

Put all of your session variables in the usersession module. Since we were taking membership details, or bookingsfor events, the number of the session details got quite large. Making good use of the usersession modulemakes session control a breeze, and removes one of the biggest headaches from the web broker model.

Here is the code for when a member logs on. It demonstrates that various usersession properties are set forthe rest of the session:

Code Snippet 1

procedure TIWfrmMain.LogonButtonClick(Sender: TObject); //also in the baseformbegin usersession.qMember.Open; usersession.qNewCompany.open; if

usersession.qMember.Locate(‘usercode;password’,vararrayof([edusercode.Text,edpassword.Text]),[])then

begin if usersession.qNewCompany.Locate(‘pkey’,usersession.qMemberCompanypkey.AsInteger,[])

then begin usersession.isloggedon := true; usersession.pmemberpkey := usersession.qMemberpkey.asinteger; usersession.useremail := usersession.qMemberemail.AsString; usersession.logondate := datetostr(date); usersession.fullname := usersession.qMemberFname.AsString+’

‘+usersession.qMemberLname.AsString; IWRegionMember.Visible := true; IWRegionlogon.Visible := false; textWelcome.Lines[0] := usersession.fullname; end else webapplication.ShowMessage(‘Error with database, please email face2face’); end else webapplication.ShowMessage(‘Invalid usercode or password’);

end;

The Developers Group Magazine July/August 2005 Page 8 return to index

The base form and mainform also have the following OnCreate event:

procedure TIWFfrmBase.IWAppFormCreate(Sender: TObject);

begin buildmenu; if ((usersession.isloggedon) and (strtodate(usersession.logondate)=date)) then begin IWRegionMember.Visible := true; IWRegionlogon.Visible := false; textWelcome.Lines[0] := usersession.fullname; end else begin IWRegionMember.Visible := false; IWRegionlogon.Visible := true; end;

end;

Problem 3 - The back buttonOne of the great things about the IntraWeb model is that it manages session state so well. Unfortunately, thismakes the back button very difficult/impossible to use in a way that is conducive with the user’s existingexperience. The main problem with not having a back button is that every Internet user in the world is usedto it and is frustrated if they can’t use it. I had to consider how to navigate “back” wherever the user was.Explaining to users that not having a back button is actually quite a good idea does not go down well!

Problem 4 – Using ImagesOf course using an image in the IntraWeb image components is easy, but my web designer wanted morethan that. ‘Can’t we replace the clunky text in the grids and menus with nice images?’ Well you can, and it wasquite hard to work out. In particular I wanted the main menu to display a different image (orange instead ofblue) for the current page, so this list has to get built each time the page form is created. The menu is in aframe and the click event for the menu is:

Code snippet 2A

procedure TFrame2.menuClick(Sender: TObject; ItemIdx: Integer);var IWfrmMain:TIWfrmMain; IWfrmAboutUs:TIWfrmAboutUs ; IWfrmMembership:TIWfrmMemberShip ; IWfrmJoin:TIWfrmJoin ; IWfrmSearch:TIWfrmSearch ; IWfrmEvents:TIWfrmEvents ; IWfrmMemberspage:TIWfrmMemberspage ; IWfrmContactUs:TIWfrmContactUs;begin case Menu.SelectedIndex of //not showing all cases 0: begin usersession.menuitem := 0; IWfrmMain := TIWfrmMain.create(WebApplication); IWfrmMain.show; end; 1: begin usersession.menuitem := 1; IWfrmAboutUs := TIWfrmAboutUs.create(WebApplication); IWfrmAboutUs.Show; end; 2: begin usersession.menuitem := 2; IWfrmMembership := TIWfrmMembership.create(WebApplication); IWfrmMembership.Show; end; end; //case

end;

The Developers Group Magazine July/August 2005 Page 9 return to index

For the static menu, the onClick event has to be in the menu frame, but the creation of the images has to be inthe form AFTER if has been created.

Code snippet 2B

procedure TIWFfrmBase.buildmenu;begin menuframe.menu.Items[0].Caption:=’<IMG src=”/isapi/face2face.dll/Files/home.gif”>’; menuframe.menu.Items[1].Caption:=’<IMG src=”/isapi/face2face.dll/Files/about.gif”>’; menuframe.menu.Items[2].Caption:=’<IMG src=”/isapi/face2face.dll/Files/membership.gif”>’; menuframe.menu.Items[3].Caption:=’<IMG src=”/isapi/face2face.dll/Files/join.gif”>’; menuframe.menu.Items[4].Caption:=’<IMG src=”/isapi/face2face.dll/Files/search.gif”>’; menuframe.menu.Items[5].Caption:=’<IMG src=”/isapi/face2face.dll/Files/diary.gif”>’; menuframe.menu.Items[6].Caption:=’<IMG src=”/isapi/face2face.dll/Files/myhome.gif”>’; menuframe.menu.Items[7].Caption:=’<IMG src=”/isapi/face2face.dll/Files/contact.gif”>’;

case usersession.menuitem of 0: menuframe.menu.Items[0].Caption:=’<IMG src=”/isapi/face2face.dll/Files/

homeclick.gif”>’; 1: menuframe.menu.Items[1].Caption:=’<IMG src=”/isapi/face2face.dll/Files/

aboutclick.gif”>’; 2: menuframe.menu.Items[2].Caption:=’<IMG src=”/isapi/face2face.dll/Files/

membershipclick.gif”>’; 3: menuframe.menu.Items[3].Caption:=’<IMG src=”/isapi/face2face.dll/Files/

joinclick.gif”>’; 4: menuframe.menu.Items[4].Caption:=’<IMG src=”/isapi/face2face.dll/Files/

searchclick.gif”>’; 5: menuframe.menu.Items[5].Caption:=’<IMG src=”/isapi/face2face.dll/Files/

diaryclick.gif”>’; 6: menuframe.menu.Items[6].Caption:=’<IMG src=”/isapi/face2face.dll/Files/

myhomeclick.gif”>’; 7: menuframe.menu.Items[7].Caption:=’<IMG src=”/isapi/face2face.dll/Files/

contactclick.gif”>’; 99: //do nothing the page shown is not on the menu end; //case

end;

The reference to the image file location also has to be explicit for Internet Information Services (IIS), whichmakes local testing in the IntraWeb web server a real pain.

Problem 5 – Launching Separate PagesThere are two ways to launch a new browser page: one is to use the URL component, the other is to addJavaScript in the page ‘onload’ event.

We discovered that the JavaScript worked fine, except it is regarded by Norton Personal firewall (and probablyother things) as a pop-up and hence is blocked for many users. Of course the user doesn’t tell you this…theysimply tell you it just isn’t working.

To launch it from the URL meant that the page must already exist, but we wanted the user to see informationchanging from our site, for example the list and details of all people booked onto the next networking event.This would change every time someone booked for the event. So I went back to something I still hold dear,the PageBuilder component.

Code snippet 3

procedure TIWUserSession.qEventBookingAfterPost(DataSet: TDataSet);begin buildeventpage(qeventbookingguesteventpkey.AsInteger);end;

procedure TIWUserSession.buildeventpage(event: integer);var FileName : String; newFileLocal : TextFile;begin FileName := ‘D:\websites\face2face\attfiles\’ + inttostr(event) + ‘.htm’ ; AssignFile(NewFileLocal,Filename); usersession.qPrinteventdetails.Close; usersession.qPrinteventdetails.Parameters.ParamValues[‘peventpkey’]:=Event; usersession.qPrinteventdetails.Open; usersession.qPrinteventguests.Close;

The Developers Group Magazine July/August 2005 Page 10 return to index

usersession.qPrinteventguests.Parameters.ParamValues[‘peventpkey’]:=Event; usersession.qPrinteventguests.Open; if FileExists(FileName) then //reset(NewFileLocal) else Rewrite(NewFileLocal); Writeln(NewFileLocal,usersession.pgprintattendees.Content); closefile(NewfileLocal);end;

procedure TIWfrmEventAttendees.AttendeesButtonClick(Sender: TObject);begin WebApplication.NewWindow(lURL,’attendees’,600,800, [woscrollbars]);

end;

In my usersession, I have AfterPost events for the event booking queries. This makes sense because the pageis only rebuilt based on actual changes to the bookings. The filename uses the primary key value of the event,so the filename to look for is easy. I then use the PageBuilder component to rebuild a physical file on the webserver every time the bookings for the event change.

The URL link on the IntraWeb page is built whenever the page is opened, using the primary key value of theevent (to build the page variable lURL):

lURL:=’http://www.face2facenetworking.co.uk/attfiles/’+ inttostr(usersession.qEventDetailspkey.asinteger)+’.htm’;

Problem 6 – Office InterfaceOne of the things I wanted to do as members joined or booked an event was to send them an email. This ispretty simple (using the Indy components). Code snippet 4 should give you a flavour of how this can beachieved.

Code snippet 4 (heavily cut down to show the basics)

procedure TIWUserSession.SendEmail(emailaddr:string; emailtype:integer; bodytext:string);var attach:string;idattachment:Tidattachment;begin email.Body.Clear; //email is an idmessage component email.ReplyTo.Clear; email.Recipients.Clear; email.From.Address :=qparamsF2FEmailFrom.AsString; email.Sender.Address:=qparamsF2FEmailFrom.AsString; email.ReplyTo.Add.address:= qparamsF2FEmailReplyTo.AsString; email.Recipients.Add.address :=trim(emailaddr); email.Body.Add(qparamsF2FEmailHeader.AsString); case emailtype of 1: // Thanks for New Join begin email.Subject:=’Face2Face Membership’; email.Body.Add(qparamsEmailWelcomeMembers.AsString); email.Body.Add(‘’); email.Body.Add(bodytext); if usersession.qNewMemberGuest.AsString=’Y’ then else begin attach:=createInvoice(1); //see snippet 5 TIdAttachment.Create(email.MessageParts, attach ); end; end; end; mailsender.Username := qparamsSMTPUsercode.AsString; /mailsender is an idSMTP component mailsender.Password := qparamsSMTPPassword.AsString; mailsender.Host := qparamsSMTPIPaddress.AsString; mailsender.Connect; try mailsender.Send(email); finally mailsender.Disconnect; idattachment.Free; end;

end;

The Developers Group Magazine July/August 2005 Page 11 return to index

Next I wanted to build and attach an invoice. My first attempt was to use Word templates, mail merge andthe good old Office Partner components. This worked a treat locally; however deploying it under IIS wasanother problem. It gave all sorts of wacky errors [Ed. Technical Term]. It was not happy about the DCOMpart, and after weeks of frustration I read a posting from someone who said it would never work.

I looked around for an alternative. I bought the component set called edocEngine from Gnostice. Basically itcan translate Delphi created reports including those from ReportBuilder, into external formats like Excel,PDF or in my case RTF.

Here is the code for building the invoice:

Code snippet 5

function TIWUserSession.CreateInvoice(invType:integer):string;var i : Integer; ThisInvoice:string;begin qparams.Open; qparams.Edit; qparamsNextInvoice.AsInteger:=qparamsNextInvoice.AsInteger+1; qparams.Post; ThisInvoice := ‘D:\f2fdocs\invoice’+qparamsNextInvoice.asString+’.rtf’ ; gtRTFEngine1.FileName:= Thisinvoice; gtRBExportInterface1.Engine := gtRTFEngine1; if invtype=1 then begin Qsinglecompany.close; Qsinglecompany.Parameters.ParamValues[‘pkey’]:=usersession.qNewMemberpkey.AsInteger; Qsinglecompany.Open; //this query is used by the RB report//Exporting a ReportBuilder Report gtRBExportInterface1.RenderDocument(Repinv); ///repinv is the RB report end; result:=thisinvoice;

end;

Problem 7 – Worldpay InterfaceOver the course of this article, I have been building up to my biggest headache. I had never interfacedanything to Worldpay (or similar) before and it was conceptually quite challenging. I have to say the supportof Delphi developer John Hair was invaluable, so thank you John.

There are three stages/parts to the interface.

Stage 1Sending the information to Worldpay.

Code snippet 6(this is heavily cut down, and the instid.value has been changed to protect our bank account!)

procedure TIWfrmPay.PopulateWorldPayScript;var sl: TStringList; Year, month, day:word;begin sl := TStringList.Create; try begin TIWfrmPay(WebApplication.FindComponent(‘IWfrmPay’)).HiddenFields.Text := ‘instId=1’ + #13#10 + ‘cartId=1’ + #13#10 + ‘amount=1’ + #13#10 + ‘currency=1’ + #13#10 + ‘testMode=1’ + #13#10 + ‘name=1’ + #13#10 + ‘email=1’ + #13#10 ; sl.Add(‘document.SubmitForm.email.value = “‘ + UserSession.PayEMail + ‘“;’); sl.Add(‘document.SubmitForm.name.value = “‘ + UserSession.PayFullname + ‘“;’); sl.Add(‘document.SubmitForm.amount.value = “‘ + FloatToStrF(Usersession.TotalCost,

ffFixed, 18, 2) + ‘“;’); end;

The Developers Group Magazine July/August 2005 Page 12 return to index

sl.Add(‘document.SubmitForm.action = “https://select.worldpay.com/wcc/purchase”;’); sl.Add(‘document.SubmitForm.method = “POST”;’); sl.Add(‘document.SubmitForm.instId.value = “12345”;’); // ******* Your installation id sl.Add(‘document.SubmitForm.cartId.value = “‘ + Usersession.worldpayID + ‘“;’); sl.Add(‘document.SubmitForm.currency.value = “GBP”;’); sl.Add(‘document.SubmitForm.testMode.value = “0”;’); sl.Add(‘document.SubmitForm.submit();’);

btnWorldPay.ScriptEvents.Values[‘OnClick’] := sl.Text; //btnworldpay is a button finally sl.Free; end;

end;

Looking through code snippet 6, you can see that this is fairly easy. You can have the hidden fields definedas a form property but we have more than one case so we build on the fly. Keep in mind that the user hasactually left our site. Worldpay will process the transaction and either reject or accept it.

Stage 2I wanted the user to come back to the site, so I worked out how to use a Worldpay feature called redirect, asshown in code snippet 7:

Code snippet 7 (the URL called by the Worldpay redirect).

http://www.face2facenetworking.co.uk/isapi/face2face.dll?redirect=’12345’&transstatus=’Y’

(a part of the mainform OnCreate event) if checkforRedirect then begin doRedirect; end;

function TIWfrmMain.CheckForRedirect: Boolean;var sl: Tstringlist;begin Result := False; sl := TStringList.Create; try if (WebApplication.RunParams.Count > 0) then begin sl.text:= WebApplication.RunParams.text; if sl.Values[‘Redirect’] <> ‘’ then begin Result := True; Usersession.WorldpayID := sl.Values[‘Redirect’]; Usersession.OrderAccepted := sl.Values[‘transStatus’] = ‘Y’; end; end; finally sl.Free; end;

end;

We pass over a variable, unique to this transaction and get it passed back to us. This means we need tomodify Stage 1. Before we send the user to Worldpay we write a record to our database that includes ourunique transaction number, and any session data that we might need.

The Worldpay redirect function launches a URL that starts a new session of our IntraWeb ISAPI application.This session has no knowledge whatsoever of the previous session, so we need to pass it the parameters. Weinterrogate the IWMain form OnCreate event to see if it has a redirect parameter. If it has, we look up in ourdatabase to find out the session information that we had before we left the site. We then set the varioususersession variables as required. We now have the user back with us in their new session. [Ed. Magic!]

At this point I thought I was finished, but I was missing a big BUT, and John Hair patiently explained it to meabout ten times until the penny dropped. Here is the big “Gotcha”; please read it carefully.

The Developers Group Magazine July/August 2005 Page 13 return to index

Stage 3When the user is at Worldpay, there is no control over where they go next. So how does my database knowthat the Worldpay transaction was successful or not?

The answer is that Worldpay provides a function called callback. It invokes a URL to the IntraWeb applicationthat executes the ISAPI code, but is not visible (read this a few times). So a URL, similar to the redirect, (butpassing callback as the parameter) is called, and handled like this:

Code snippet 8

procedure TIWfrmMain.IWAppFormCreate(Sender: TObject);begin buildmenu; if checkforcallback then begin doUpdate; // this will get executed, then the application session closes exit; end; if checkforRedirect then begin IWRegionThanks.Visible:=true; doRedirect; end; if ((usersession.isloggedon) and (strtodate(usersession.logondate)=date)) then begin IWRegionMember.Visible:=true; IWRegionlogon.Visible:=false; textWelcome.Lines[0]:=usersession.fullname; end else begin IWRegionMember.Visible:=false; IWRegionlogon.Visible:=true; end;end;

procedure TIWfrmMain.doUpdate;var emailbody:string; eventbody:string;begin usersession.qWorldpay.open; // Get the OrderID for this order if UserSession.qWorldpay.Locate(‘pkey’,strtoint(usersession.WorldPayID),[]) then begin case usersession.qWorldpaytranstype.AsInteger of 1,2: begin usersession.qNewMember.Open; usersession.pmemberpkey:=usersession.qWorldpayuserpkey.AsInteger; if usersession.qNewMember.Locate(‘pkey’,usersession.pmemberpkey,[])then begin if usersession.OrderAccepted then begin if usersession.qWorldpayreferrerpkey.AsInteger=0 then else begin usersession.qAddReferral.Open; usersession.qAddReferral.Append; usersession.qAddReferralMemberpkey.AsInteger:=usersession.qWorldpayreferrerpkey.AsInteger; usersession.qAddReferralDateRef.AsDateTime:=date; usersession.qAddReferralDateJoined.AsDateTime:=date; usersession.qAddReferralNewMemberpkey.AsInteger:=usersession.pmemberpkey; usersession.qAddReferral.Post; usersession.qLookupmembers.Open; if

usersession.qLookupmembers.Locate(‘pkey’,usersession.qWorldpayreferrerpkey.AsInteger,[])then

begin emailbody:=’Dear ‘+usersession.qLookupmembersfname.AsString+ #13+#10+ ‘Thank you for referring

‘+usersession.qNewMemberFullname.AsString+ ‘ of ‘+usersession.qNewMemberCompany.AsString+ #13+#10+ ‘to face2facenetworking.’+ #13+#10+ ‘You are now entitled to £25 off your next annual subscription!’+

#13+#10+

The Developers Group Magazine July/August 2005 Page 14 return to index

‘You do not need to do anything else; the calculation will be madeautomatically when you renew your membership.’+ #13+#10+

‘Many thanks for your contribution!’+ #13+#10; usersession.sendEmail(usersession.qlookupMembersemail.AsString,3,emailbody); end; end; usersession.qNewMember.edit; usersession.qNewMemberpaidOK.asstring:=’Y’; usersession.qNewMember.post; emailbody:=#13+#10+’Your Membership number is

‘+inttostr(usersession.qNewMemberMembershipNo.AsInteger)+ #13+#10+’Your Usercode is ‘+usersession.qNewMemberUsercode.AsString+ #13+#10+’Your Password is

‘+usersession.qNewMemberPassword.AsString+#13+#10; usersession.sendEmail(usersession.qNewMemberemail.AsString,1,emailbody); end else begin usersession.qLookupmembers.open; if

usersession.qLookupmembers.Locate(‘pkey’,usersession.qWorldpayuserpkey.AsInteger,[])then

begin usersession.qLookupmembers.delete; end; end; end; end; end; //case end;

end;

In the first procedure we see some of the OnCreate event of the main form. If docallback is true (it will be), itexecutes the second procedure and then closes the application.

The second procedure checks the database to find the (same) session record, uses this to update the database tosay if the user paid or not, and if they paid, it then creates and sends the email (using the code seen earlier).

To summarise: ALL Worldpay transactions will execute a callback, some will execute a redirect. The callbackhappens automatically, the redirect only if the user clicks the appropriate button in Worldpay. Interestingly,when I presented to the Developers Group, several people had the same confusion as I originally did beforethe penny dropped.

SupportThere is no doubt that IntraWeb is a great idea with plenty of great features. It is also in its infancy in an areathat is changing fast. I found lots of faults, and lots of instability. AtoZed had a policy of issuing a fix releasealmost every month. This was a bad idea: there were several cases of one fix causing further faults, or re-introducing previously fixed faults.

I use the TMS components, which again have some great features, and have faults, but importantly are onlyqualified against specific versions of IntraWeb, so the whole fix upgrade process becomes more complicated.While it might be possible to use IntraWeb without third party components, I think a richness of content andease of use would be lost without them. The efforts of AtoZed support staff and the Team B members hasbeen to the usual high standard: they are just working in an area where they have so little control over theend user environment.

BrowsersThe single biggest area of ongoing problems is with browser incompatibility. Much of this site looks oddunder Firefox or Netscape. It has serious problems under Mac browsers. The technical response is often “Itis the fault of the browser, the browser implements non-standard xyz.” This may be true, but cuts no ice withusers who insist that they get on fine with most other web sites in the same browser.

Creating code examples to send to these guys to prove my problems is very complicated and time consuming,especially if the fault occurs on someone else’s machine, when it runs under IIS and looks fine to me.

The Developers Group Magazine July/August 2005 Page 15 return to index

ConclusionsI really like many of the features of IntraWeb. I really like that fact that it is so similar to developing desktopapplications. For anyone who has managed session control before, the ease of that now is wonderful.

If it is to compete with other development environments, it has to have the features that are offered by TMSand by Arcana as standard. Third party components should be nice to have as add-ons. I do not think this isthe case here. Commercial projects are therefore reliant on TMS as much as anything else. I would like to seeall three companies merged (or their IntraWeb parts), under funding from Borland, and to spend some timegetting what they have to be stable. I know this is unlikely; it is just my thoughts.

If I was to quote now for a client project where they wanted an intranet, with the browser choice controlledand the desktop environment controlled, I would immediately use IntraWeb. If it is a complex Internet project,I would not.

If any readers need a little more advice on any of these topics, then please email me on [email protected]. It gives me a chance to give back some of the support I have been given.

Linkswww.AtoZed.comwww.TMSsoftware.comwww.arcanatech.comwww.Gnostice.com

John Evans runs Clear Advantage, based in the Cotswolds. www.clear-advantage.co.uk

www.tdmweb.com

The Developers Group Magazine July/August 2005 Page 16 return to index

Mastering Borland Delphi 2005Forthcoming book by Marco Cantù, published by Sybex, due July 2005

Mastering Borland Delphi 2005 is the completely revised and updated edition of Marco’s Delphi programmingbook, and offers the most complete coverage of Delphi 2005 programming available anywhere (which iseasy to claim as this is the only book on the topic).

The new edition has a good amount of material on .NET programming, but retains also a solid coverage ofWin32 development, including all the new features of Delphi 2005 for Win32 (language, RTL, VCL...).

Table of Contents

PART I: Foundations• Chapter 1: Introducing Borland Developers Studio 3.0

• Chapter 2: The Platforms: Win32 and Microsoft .NET

• Chapter 3: The Delphi Language

• Chapter 4: The Delphi Language for .NET

• Chapter 5: DelphiWin32 Run-time Library

• Chapter 6: Architecture of the Visual Component Library (VCL)

• Chapter 7: Working with Forms

• Chapter 8: Building the User Interface with VCL (for Win32 and NET)

• Chapter 9: Delphi.NET Run-time Library and the Framework Class Libraries

PART II: Delphi Object-Oriented Architectures• Chapter 10: Refactoring and Unit Testing

• Chapter 11: Dynamic Architectures with Packages and Assemblies

• Chapter 12: .NET Interoperability with Win32 API and COM

Part III: Delphi Database-Oriented Architectures• Chapter 13: Delphi’s DB Architectures

• Chapter 14: Client/Server Development with the VCL Database Components

• Chapter 15: Using ADO

• Chapter 16: Using ADO.NET

• Chapter 17: Multi Tier Architectures

• Chapter 18: Enterprise Core Objects

Part IV: Delphi and the Internet• Chapter 19: HTML and HTTP Development

• Chapter 20: WebSnap and IntraWeb

• Chapter 21: The ASP.NET Architecture

• Chapter 22: Using XML Technologies

• Chapter 23: Web Services and SOAP

Appendices• Appendix A: Learning the Foundations of Delphi

• Appendix B: Add-on Delphi Tools

The Developers Group Magazine July/August 2005 Page 17 return to index

DG Member achieves ISO 9001:2000

certification

The Professional Contractors Group (PCG) has announced the ISO9001:2000 certification of member businessKIC Computing through its groundbreaking PCG (QS) scheme, which was designed specifically for smallconsulting and contracting businesses. This is the fourth certification since the scheme was introduced towardsthe end of 2004 and a further 83 businesses have completed their training and are preparing the documentationfor their quality management systems in preparation for the first audit.

Based near Market Rasen in Lincolnshire, KIC Computing was established in 1995 to provide a range ofinformation technology services, including bespoke software development, analysis and design, theconfiguration of network solutions and custom-built computer systems, and maintenance, upgrade andsupport services.

Managing director Ian Cumber is very pleased to have ISO9001:2000 certification for his company. “One ofour reasons for going through this process was to improve KIC’s standing and the perception of it in themarketplace,” he says. “Although the company specialises in bespoke software development, we find thatthere is little demand for these services within our current geographical location. We want to expand theconsultancy, website and IT support aspects of the business locally and feel that having ISO9001 certificationwill give us a competitive edge. We believe that our certification demonstrates our commitment; it showsthat we are not a ‘here today gone tomorrow - fly-by-night’ company and that we take our business and ourclients seriously. The process has certainly focused our attention on customer support service activities;asking a client to complete a satisfaction survey can prove both rewarding and eye-opening.

”We would like to have the chance of undertaking projects in the public sector, for local authorities, schoolsand colleges, for example, and ISO9001 certification is of course usually a prerequisite,” Cumber continues.“Also, we have had a long-standing relationship with a large research company that has a major presence inthe defence market and whilst there is no obligation right now for us to have IS09001 certification in order todo business with them, we believe that it will be only a matter of time before that becomes a mandatoryrequirement. We felt that it was important to seize the initiative and achieve the certification before reachingthis point.”

Congratulating Ian Cumber on KIC’s certification, PCG chairman Dr Simon Juden said, “We are really pleasedto see that our groundbreaking initiative - the first ever cross-sector scheme of its kind - is yielding positiveresults so quickly for our members. More and more public sector organisations and corporations in the UKand Europe are insisting that their suppliers have UKAS-accredited ISO9001 certification, and our aim withthe PCG (QS) scheme is to help freelancers to compete for business they would otherwise get nowhere near,as well as being able to demonstrate credibility and quality.”

About PCGThe Professional Contractors Group (PCG) was formed in May 1999 to protect and promote the interests ofthe freelance community.

PCG’s aim is to work for proper recognition of independent freelancers as a genuine and valuable sector ofthe economy, generating wealth and employment, providing industry with a flexible workforce. PCG is anot-for-profit organisation, which represents some 12,000 freelance businesses that pay an annual membershipsubscription. For further information: http://www.pcg.org.uk

About KIC ComputingKIC Computing is a family run company based near Market Rasen in Lincolnshire that specialises inconsultancy and the development of bespoke software and custom computer system solutions. Managingdirector Ian Cumber is a PCG member, and KIC Computing has FSB membership.For further information: http://www.kiccomp.co.uk

The Developers Group Magazine July/August 2005 Page 18 return to index

The Developers Group Magazine July/August 2005 Page 19 return to index

Delphi 2005 BDP DeploymentHow to deploy ASP.NET and WinForms BDP applications

by Bob Swart

In this article, I will explain and demonstrate the steps needed for the successful deployment of a Delphi2005 application using the Borland Data Provider (BDP) to work with databases.

Deployment of Borland Data Provider (BDP) ApplicationsThe techniques in this article apply to WinForms as well as ASP.NET Web Forms applications that use theBorland Data Provider. Since the deployment of an ASP.NET Web Forms application is a bit more complexthan the deployment of a WinForms application, I’ll use an ASP.NET Web Forms application as main example.One big difference is that a WinForms application doesn’t use the Deployment Manager, but the set of BDP-related files to deploy is the same.

ASP.NET Web Forms ExampleSince this article is about deployment, let’s not spend too much time on building an ASP.NET example. DoFile | New - ASP.NET Web Application - Delphi for .NET, which gives you the New ASP.NET Web Applicationwizard. Specify the name of the project, like DevelopersGroup:

Click on OK to create a new ASP.NET Web Forms project.

Go to the Data Explorer tab (in the upper-right corner of the IDE), and open the MSSQL node in the Providerstreeview. For this example, I’m using the Northwind database, for which I have an existing connectiondefined with a named user and password to login to the database (no Windows OS Authentication - see alsothe note at the end of this article).

The Developers Group Magazine July/August 2005 Page 20 return to index

We will use the ASP.NET web page to display a DataGrid with overview information from the Employeestable of the SQL Server Northwind example database. The SQL scripts to generate this example database canbe found on the MSDN website at http://www.microsoft.com/downloads/details.aspx?FamilyID=06616212-0356-46A0-8DA2-EEBC53A68034&displaylang=en

Open the SQL Server Connection node to the Northwind database, drag the Employees table from the DataExplorer and drop it on your Form.

This will automatically create a BdpConnection and BdpDataAdapter component in the non-visualcomponents area of the designer. Select the BdpDataAdapter and click on the Configure Data Adapter linkat the bottom of the Object Inspector.

On the first tab of the Data Adapter Configuration dialog, uncheck the Insert, Update and Delete SQLCommands options, and click on the Generate SQL button to regenerate the Select command.

Optionally you can go to the second tab to get a preview of the data. Then go to the DataSet tab and select aNew DataSet to put the result of the SELECT command.

Click on the OK button to close the dialog, and then set the Active property of the BdpDataAdapter to True.You will now have a BdpConnection, BdpDataAdapter and DataSet component in the non-visual componentsarea of the ASP.NET forms designer.

Now, place a DataGrid on the Form, and set its DataSource property to dataSet1, and its DataMemberproperty to Employees. Double-click on the Web Form area (below the DataGrid for example) to get to thePage_Load event in the Code Editor, and write the following line of code:

The Developers Group Magazine July/August 2005 Page 21 return to index

procedure TWebForm1.Page_Load(sender: System.Object; e: System.EventArgs);

begin if not Page.IsPostBack then DataGrid1.DataBind

end;

That’s it. You can add something more if you wish (see Dr.Bob Examines #52 for example at http://www.drbob42.com/examines/examin52.htm), but this is the basis of an ASP.NET project using the BorlandData Provider to talk to the Northwind database. The remainder of this article is only concerned about thedeployment of the project.

Delphi 2005 Deployment ManagerDeploying ASP.NET applications before Delphi 2005 was a process of collecting all .aspx files, the .asax,web.config, assembly itself and all related assemblies (most of which were mentioned in the References list,fortunately). For each new version of the ASP.NET application, you had to collect everything all over again,or find a way to automate the process. Delphi 2005 has done just that: it includes a Deployment Manager thatcan be used on ASP.NET or IntraWeb projects - and is flexible enough to be used in other situations as well(once you find out how, but that’s another story).

Go to the Project Manager, right-click on the Deployment node and select the “New ASP.NET Deployment”option. This will show the ASP.NET Deployment Manager page, listing all the files that are part of yourASP.NET project and need to be deployed. Or almost all these files, since you may notice that it doesn’tappear to list all required assemblies. Specifically, it doesn’t show the BDP assemblies in the screenshot below:

A way to justify this is to note that the BDP assemblies (like Borland.Data.Common.dll andBorland.Data.Provider.dll) are signed assemblies. Since ASP.NET doesn’t officially support assemblies signedwith a strong name to be deployed in the bin directory or a virtual directory, these officially need to bedeployed in the Global Assembly Cache. You may have to contact your ISP with regard to those deploymentneeds. However, as we’ll see in this article, it’s not really required (the application will also work withouthaving to access the GAC on the web server)

BDP AssembliesThe real explanation why the Borland BDP assemblies don’t show up in the Deployment Manager is becauseof the way they are referenced in our project. If you open up the References node for the DevelopersGroupproject, you’ll notice the Borland.Data.Common.dll and Borland.Data.Provider.dll assemblies. In order toadd these two assemblies to the project directory, we must right-click on them and set the Copy Local optionset to True (you can also do this in the Object Inspector by the way). As a result, when we compile theASP.NET project, these two assemblies will be placed in the target directory (right next to theDevelopersGroup.dll in the Bin subdirectory of the DevelopersGroup virtual directory).

However, adding Borland.Data.Common.dll and Borland.Data.Provider.dll is still not enough. As you mayremember, we use Microsoft SQL Server and a BdpConnection component connecting to SQL Server. Andyet the list of files doesn’t show a SQL Server specific BDP driver. The reason for that is the fact that the BDP

The Developers Group Magazine July/August 2005 Page 22 return to index

drivers are loaded dynamically based on their reference in the ConnectionString property of theBdpConnection component. This is the place where the reference is made to the Borland.Data.Mssql.dllassembly. In order to fix this, we should also add a reference to the Borland.Data.Mssql to our project, usingthe Add Reference dialog:

Note that other BDP assemblies also exist for InterBase, Oracle, IBM DB2, MS Access, etc. and also note thatthe version number is 2.2.0.0 (this is the version number you get after installing Update #2 for Delphi 2005 -the original version number of these BDP assemblies is 2.0.0.0).

After the reference to Borland.Data.Mssql is added, right-click on the new node to ensure the Copy Localoption is enabled, and then recompile the project. The Deployment Manager should now have a fairly completelist of files to deploy:

You can now connect to the deployment machine, and click on the “deploy new and changed files” button.It will then automatically copy or FTP upload all your new and modified files. That’s really a time-saver,especially in those deadline situations where all you want to do is focus on the changes you make to the code,without needing to worry about the actual files to deploy (so you will never accidentally forget to deploy anyfile that belongs to the project).

The Developers Group Magazine July/August 2005 Page 23 return to index

Deployment TestOnce all these files are deployed, you can start the application by specifying the address of the deploymentmachine and the name of the main web form. Obviously, SQL Server and the database itself must also bedeployed on the target machine (or on a separate database server), and you have to ensure that theConnectionString property is updated to connect to the database on the new location. I just want to focus onthe application and the required BDP-specific files now.

After we’ve deployed an ASP.NET application using the Deployment Manager as outlined above, we can tryto view an ASP.NET page that uses the BDP components to connect to the database. Unfortunately, an errormessage appears to tell you that not everything works fine.

And even worse: it’s not very clear from this error message what the problem is, since we get a so-called“user friendly error message”. These can be controlled using the customErrors node in the web.config file:

<!— CUSTOM ERROR MESSAGES

Set customErrors mode values to control the display of user-friendly error messages to users instead of error details (including a stack trace):

“On” Always display custom (friendly) messages “Off” Always display detailed ASP.NET error information. “RemoteOnly” Display custom (friendly) messages only to users not running on the local Web server. This setting is recommended for security purposes, so that you do not display application detail information to remote clients. —> <customErrors mode=”RemoteOnly”

/>

In order to see the error message, you need to change RemoteOnly to Off - just for a short while! Note thatthe value is case-sensitive; “off” will not do it.

Borland.Data.Mssql assembly referenceOnce customErrors has been set to “Off”, and the web.config file re-uploaded, reloading web form willproduce the following more useful error information: the located assembly’s manifest definition with thename Borland.Data.Mssql does not match the assembly reference:

The Developers Group Magazine July/August 2005 Page 24 return to index

If you read the detailed error information (not visible in the screenshot), you’ll notice the problem, whichseems to be in comparing the assembly name, resulting in a mismatch “Minor Version”. This problem is dueto the fact that I’m using Delphi 2005 Update #3, which - like Update #2 - uses version 2.2.0.0 of the BDPassemblies.

However, if you check the bdpConnections.xml or BdpDataSources.xml files on your development machine,you’ll notice that the BDP assemblies are still listed with a 2.0.0.0 version number. This is the version numberthat’s also used inside the BdpConnection components (specifically, their ConnectionString used to load theBDP assemblies). But since we’re deploying the 2.2.0.0 versions of these assemblies, the deployment servercomplains.

Our development machine doesn’t complain, since it contains a policy definition that allows 2.2.0.0 to beused when 2.0.0.0 is mentioned (without that, our pre-Update #2 Delphi 2005 projects still mentioning 2.0.0.0would no longer compile or work with the new 2.2.0.0 assemblies).

First WorkaroundOne workaround is to modify the 2.0.0.0 version number in the ConnectionString of the BdpConnectioncomponents, and change them to 2.2.0.0. Then, recompile the application, and redeploy to make it this errorgo away.

GAC SolutionAn alternative solution (brought to my attention by Peter Sawatzki) is to apply the assembly policies to thedeployment web server too. Unfortunately, the policy files are hidden in the Delphi 2005 Update #2, but youcan get the policy DLLs and config files from the GAC of your development machine by going to the\Windows\assembly\GAC\policy.2.0.Borland.Data.Common,\Windows\assembly\GAC\policy.2.0.Borland.Data.Provider, and\Windows\assembly\GAC\policy.2.0.Borland.Data.XXX(with XXX being the name of the database driver; DB2, Interbase, Msacc, Mssql, Oracle, or Sybase), andoptionally also the \Windows\assembly\GAC\policy.2.0.Borland.Data.DataSync directories. You need todeploy both the .dll and .config files from these directories to the GAC on the web server.

web.config SolutionHowever, often you do not have access to the GAC on the web server. In those cases, you need to copy thepolicy references from the .config files in the policy directories, and append them to the web.config file. Inour case, for the Borland.Data.Mssql assembly, we need to copy the contents of thepolicy.2.0.Borland.Data.Mssql.config file, and place it at the bottom of the web.config file (integrating theconfiguration tags) as follows:

The Developers Group Magazine July/August 2005 Page 25 return to index

<?xml version=”1.0" encoding=”utf-8" ?>

<configuration> <system.web> ... // normal contents of web.config</system.web>

<runtime> <assemblyBinding xmlns=”urn:schemas-microsoft-com:asm.v1"> <dependentAssembly> <assemblyIdentity name=”Borland.Data.Mssql” publicKeyToken=”91d62ebb5b0d1b1b” culture=”neutral”/> <bindingRedirect oldVersion=”2.0.0.0" newVersion=”2.2.0.0"/> </dependentAssembly> </assemblyBinding> </runtime>

</configuration>

After you’ve modified the web.config, you can redeploy the application, which will then give you anothererror message (the same error message that you will get if you apply any other of the mentioned solutions orworkarounds).

Missing bdpmss20.dllIt appears that the file bdpmss20.dll is also needed by the ASP.NET application. In fact, it is needed by anyapplication using the Borland Data Provider (if you use SQL Server as DBMS, that is). This was not the casefor Delphi 2005 ASP.NET applications before Update #2, but since Update #2, we need to deploy this additionalfile. Note that you may have got this error message even before the Borland.Data.Mssql.dll related assemblyreference error message – the order can differ from project to project.

The easiest way to fix this problem is to add bdpmss20.dll to the deployment set of files, by copyingbdpmss20.dll to the DevelopersGroup’s Bin directory on the development machine. Bdpmss20.dll can befound in the BDS\3.0\Bin directory - where the other bdpXXX20.dll files can be found as well - but not in theCommon Files\Borland Shared\BDS\3.0\Shared Assemblies directory. Copying bdpmss20.dll to the projectBin directory will add it to the list of deployment files in the Deployment Manager, so we can deploy it as well.

Once everything is redeployed again, the ASP.NET application will load and run just fine. No more errormessages related to the Borland Data Provider for .NET.

The Developers Group Magazine July/August 2005 Page 26 return to index

ASP.NET Database AccessOf course, you may still get an error about other missing assemblies (like the Borland.Data.Web.dll), butthese are no longer related to the Borland Data Provider, and should just be added to the list of files todeploy.

Another error message that you may encounter is a problem connecting to your database. When usingMicrosoft SQL Server you may get a message that tells you that NT NETWORK NT AUTHORITY/NETWORKSERVICE is not allowed to access the SQL Server database. The latter problem can be experienced whenusing SQL Server MSDE as database on Windows XP or Windows Server 2003. The error is due to the factthat MSDE by default only allows Windows OS Authentication to be used, yet an ASP.NET user runs underthe NT AUTHORITY/NETWORK SERVICE account which has no access permission to your databases. It’spossible to solve this problem by granting NT AUTHORITY/NETWORK SERVICE access to your databases,but a better idea is to avoid using Windows OS Authentication in the first place, and start using a specificlogin and password for your database. The only trouble is that MSDE by default only allows OS Authenticationto be used, unless you installed MSDE with the SECURITYMODE=SQL parameter, which most people don’tknow about until after they installed MSDE. With this parameter, MSDE will be installed with mixed modeauthentication: both Windows OS Authentication and SQL Server Authentication.

In order to turn on Mixed Authentication after you’ve already installed MSDE, you need to manually modifythe registry (at your own risk!). Assuming MSDE was installed as default instance, you need the registryvalue at HKLM\Software\Microsoft\MSSqlserver\MSSqlServer\LoginMode and change it (carefully!) from1 (Windows Authentication only) to 2 (Mixed Authentication).

Note that you need to restart MSDE to allow the new setting to become effective.

SummaryIn this article, I’ve explained and demonstrated how we need to deploy the Borland.Data.Common.dll andBorland.Data.Provider.dll as well as the Borland.Data.xxx.dll for the specific BDP driver, plus a bdpxxx20.dllfile (found in the BDS\3.0\Bin directory). Furthermore, we may need to fix the fact that the BDP driverversion number in the ConnectionString of the BdpConnection component is not equal to the actual BDPdriver version number (either by modifying the ConnectionString, or making sure the web server knowsabout the relevant BDP assembly policy, as I’ve shown in detail).

These steps have to be taken for any application (WinForms or ASP.NET Web Forms) using the BorlandData Provider to access databases. For ASP.NET applications you also need to ensure that you can access thedatabase correctly. Once you know the drill, it’s easy.

For an actual demo of these techniques, see http://www.eBob42.com/courseware where I’ve deployed myDelphi 2005 ASP.NET application selling Delphi 2005 courseware manuals online.

The Developers Group Magazine July/August 2005 Page 27 return to index

[email protected] www.blong.com

DG Stars at Microsoft’s Developer

Developer Developer dayMS recently hosted a day of technical sessions by developers for developers. Key to the organising team wasCraig Murphy, who also spoke as did Brian Long, Jim Cooper and Guy Smith-Ferrier. Here are some blogson the subject:

Benjamin Mitchell on Brian’s sessionThe highlight of the sessions for me was seeing Brian Long go through .NET debugging capabilities. heobviously had a command of the topic, managed to demo the command line debuggers for an hour withouta single typo and had a great dry sense of humour. he’s done a lot of talks with the Developers Group herein the UK, which came out of the Borland Developers Group. I love the fact that the .NET community hasbenefited from so many people with Delphi experience.

Benjamin is an independent consultant, Microsoft Regional Director and INETA Representative UK (INETA is theinternational association of .NET organisations, to which the Developers Group belongs and through whom you get

all those free goodies at our meetings).

Ian Smith on Guy’s, Brian’s and Jim’s sessionsGuy Smith-Ferrier gave a great talk (on FX Cop), albeit one confirming my suspicions that at this stage FXCop is probably more trouble than its worth. When the framework itself throws out so many errors (I'llrefrain from yet another rant about Microsoft quality control and its developers not following its own quiteclear guidelines!) it's hard to get enthusiastic about putting in the effort to reduce errors in one's own code -particularly when some of the default rules supplied contradict each other. Where Guy's talk really scoredwas in explaining how to write your own rules (there's no documentation on this and it's certainly notstraightforward). Guy's talk was insightful and free of marketing hype or Microsoft propaganda. Good stuffand he had a good 'internationalisation' example where he tried to enforce usage of his own class for startingup a new thread. Guy has a book out on Internationalisation later this year from Addison-Wesley, and afterthis talk it's one I've added to my 'must buy' list, as this guy clearly knows his stuff!

Brian Long's talk on Debugging was probably the talk that made my brain hurt the most, partly because itwas given in the dreaded 'post lunch and coffee break' slot, but also because watching and listening totalkthroughs of DOS-command window formatted hex dumps is always going to require serious concentration.That being said Brian, who focussed mainly on the usage of WinDebug, kept me awake throughout thewhole talkand his dry humour made this a really fun session. He clearly knew his stuff, and was keen toshare in a very clear and concise fashion. This talk was another highlight of the day for me.

Jim Cooper's talk on C# Programming for the Pocket PC was not a talk I'd meant to attend until the trackswitching occurred. If I'd never looked at PocketPC I'd have found this talk a fantastic, and very humorous,introduction to the Pocket PC. As an owner of a Pocket PC who's dabbled with very simple apps usingVisual Studio I didn't really learn anything new, and this was probably the most basic of all the talks Iattended, but Jim made sure it was never dull and I'm sure most attendees came away having learnt somenew useful stuff.

Ian Smith is an IT Consultant about whom I know nothing, except that he is obviously a person of taste and discernment.

The Developers Group Magazine July/August 2005 Page 28 return to index

Malware Identification,Isolation & Removal

What Is The Malware Threat?Computers are rife with malware (see below for definitions of this and related terms). Live Web servers,corporate servers, desktop computers and home office systems are all susceptible to the cunning and stealthof those who take advantage of back doors and security holes. Whilst not always destructive, malwarealways wants something it shouldn’t have, be it access to sensitive data such as passwords or the use of thefacilities of the host computer, for example disk space and Internet bandwidth.

Why Can’t I See Malware?Malware often sits undetected on systems that do not have the toolsets in place to spot them. In fact most ofthe current toolsets are ill-equipped to even observe the presence of the latest transparent breed of theenemy. Malware has a proclivity to literally “vanish” as soon as it is installed, thanks to very devious low-level techniques employed by those who construct it.

What Can Brian Long Do To Help?With his familiarity with the low-level operations of the Windows platforms, Brian Long is ideally suited tolocate, identify and then eliminate even the stealthiest of hacker software. Brian is adept at the disposal ofadware and spyware, along with invisible malware.

A client recently experienced unexpected TCP/IP activity on a live Web server with no trace of anything elseout of the ordinary observable on the system. With the only machine access provided through Windows XPRemote Desktop, Brian proceeded to lure the malware into announcing itself, and was then able to de-cloakit and successfully cleanse it from the system.

If you suspect malicious software is on your system, if you know it is there but cannot find it, or if you wantyour system checked to be sure, Brian Long can provide what you need. It can be a lot less painful and a lotless costly than wiping a system and setting it up from scratch.

Glossary of Related TermsAdware Advertisement software

Software that provides tailored advertising, typically in the form of browser popups and sometimes inadditional search toolbars, hijacked home pages, butchered TCP/IP host definition file and so on.Adwareis typically installed through the installation of other software, such as peer to peer file sharing software.Whilst almost always undesirable, the license agreement that most people skip at the start of installationwill usually mention that additional software that is “designed to enhance your online experience”, orsimilar nonsense, is being installed. Consequently adware is often installed legitimately in this way.

Spyware Spy softwareSoftware that gets installed on a system and transmits information to a remote site via the Internetconnection without the user’s knowledge. This typically includes information on sites browsed, themachine’s IP address and system information.Spyware is typically installed through the installation ofother software, such as peer to peer file sharing software. Whilst almost always undesirable, the licenseagreement that most people skip at the start of installation will usually mention that additional softwarethat tracks file and web site usage is being installed. Consequently spyware is often installed legitimatelyin this way.

Malware Malicious softwareOther than the well known form of malicious software, such as the virus or trojan horse, malware iscommonly installed onto systems through backdoors opened through Windows security loopholes andexploits. It will often use additional software to disappear completely from view (from the Windowsregistry, file system and Task Manager) and typically uses the host computer’s facilities, such as networkbandwidth and disk space, for its own benefit.

Hackware Hacker SoftwareA collective term for all this type of stealth-oriented software, that gets installed using clever, complicated,or downright underhand techniques.

adve

rtise

ment

The Developers Group Magazine July/August 2005 Page 29 return to index

The Art of Project Managementbook review by Craig Murphy

(originally written for Scottish Developers)

Author Scott Berkun, published by O’Reilly in May 05, 500 pages, RRP £28.50 (£19.95 + p&p from Amazon)

IntroductionWeighing in at a little under 500 pages, sitting at an inch thick, The Art of Project Managementmakes for a good travelling companion. Its sixteen chapters are split into three sections: Plans,Skills and Management, each containing five chapters.

If you think that this is just another book about project management, I urge you to read on. Thisbook is about project management, but you won’t find any project plans, PERT charts, Ganttcharts or any form of methodology-specific advice.

What you will find is a very readable and well structured collection of chapters that offer you material thatgenerally doesn’t make it into books about project management. I’m talking about the “soft” skills that aproject manager needs in order to make progress. But these aren’t just skills that project managers need,anybody involved in the project needs them too. So please, read on and learn how you can become a bettercitizen in the project(s) that you are involved with.

Chapter Titles1. A brief history of project management (and why you should care)

I. Plans

2. The truth about schedules3. How to figure out what to do4. Writing the good vision5. Where ideas come from6. What to do with ideas once you have them

II. Skills

7. Writing good specifications8. How to make good decisions9. Communication and relationships10. How not to annoy people: process, email, and meetings11. What to do when things go wrong

III. Management

12. Why leadership is based on trust13. How to make things happen14. Middle-game strategy15. End-game strategy16. Power and politics

What’s in the Chapters?

Chapter 1: A brief history of project management

You shouldn’t be surprised to learn that this chapter positions project management using a variety of historicalreferences stemming back to the pyramids of ancient Egypt and reaching forward to modern-day projects such asthe Hubble telescope and the Boeing 777. Clearly we can learn from successful projects past and present.

The role of project management in general is covered as is the role of project management with Microsoft.Since Berkun is himself a former Microsoft employee, it is fair to say that we’re going to be reading abouthow projects are managed within Microsoft and hear all about their war stories. We’re all familiar with a lotof Microsoft products, so why not let the author tell us how they came to be on our desktops?

The Developers Group Magazine July/August 2005 Page 30 return to index

Early reference to Tom Peters work (Pursuing the Perfect Project Manager) sets the scene for the rest of thebook. We are treated to a plethora of quotes and references to de facto authors and publications. You areencouraged (by me at least!) to follow up these references if you wish to learn more. Berkun makes use ofother authors’ work in order to make his point and keep his page count down.

As a project manager, it’s a balancing act that involves being able to combine traits, skills and attributeswhilst carefully factoring in pressure and distraction. Getting the mix between process, goals and activeinvolvement is important if project managers are to create unique value. Berkun tackles these last twosentences with a simple checklist based on Tom Peters’ original work. He adds weight to his discussion withreference to Fred Brooks (The Mythical Man-Month).

This chapter’s summary left its mark on me: “If you keep a beginner’s mind, you’ll have more opportunitiesto learn”. How true.

Chapter 2: The truth about schedulesBerkun opens with the sentence: “People tend to be late”. He follows this with recognition that tardinessdoesn’t limit itself to private/social lives, it makes its way into the commercial/corporate environment too.Berkun goes on to discuss the need for scheduling and the importance of being sceptical during the initialschedule creation (as opposed to being optimistic which seems to be the accepted norm).

Early mention of ‘agile’ and eXtreme Programming (XP) caught my attention. It’s good to see agile and XPmaking it into what could be considered the mainstream publishing market. Similarly, Berkun is quick topoint out that risks should be explored as early in a project as possible.

Berkun’s writing approach is open and frank – he does not write ten words when only two will do. Hishonesty shines through and were it not for this, I believe that this book would have been twice as thick. I waspleased to see a great number of “thoughts that I usually keep to myself” actually written down such as:“Programmers should be trusted”: if your brain surgeon told you the operation you need takes five hours, would youpressure him to do it in three?

It is necessary to obtain project team “buy-in” to schedules. Berkun recognises that this does not happenoften and includes “ownership and commitment” in a list of common oversights. Interestingly, some of theoversights are items I have previously been asked to remove from my schedules (such as sick time). Checklistsplay a major part in this book – typically each checklist item is described using a bullet point and a fullparagraph of explanation. You are encouraged to adopt and adapt the checklists in your own work.

This isn’t a chapter that teaches you how to prepare a detailed schedule. Instead, it’s a chapter about whatpurpose schedules serve, what they look like and why schedules so often fail. You won’t find a PERT chartor a Gantt chart in this chapter, something that this reviewer finds refreshing. What you will find however,are simple “hand-crafted” (electronic, but made to look that way) diagrams lightly populating this chapter.Like the remainder of the book, there is a lot of reading, however Berkun’s writing style is gentle, well laidout, and contains a mix of small case studies that set the scene for the surrounding paragraphs.

Chapter 3: How to figure out what to doSoftware planning is an emotive topic. Berkun controls the emotion with the early introduction of a lengthyquotation from software planner extraordinaire, Fred Brooks (The Mythical Man-Month). This theme, theprovision of a quotation, stands true for all the chapters and provides a good “scene setter” that usually actsas encouragement to read the rest of the chapter.

We are presented with four typical planning deliverables: a marketing requirements document (MRD), avision/scope document, specifications and a work breakdown structure (WBS). The first three are likely tobe very analogous to artefacts you may have in your organisation. The WBS means something different tome; Berkun uses it to record a prioritised list of work items, who will work on the work items, how the workitems can be tracked, etc.

This chapter’s key learning point stems from a good discussion of a project’s three primary drivers: technology,business and customer. I was pleased to see a discussion that gives the customer at least equal weighting –all too often their involvement in a project ends after the requirements have been gathered. Each of theprimary drivers is explained and is augmented with the author’s own experience. Each of the primarydrivers enjoys a checklist of important questions that often go unasked or are answered using assumptionsrather than reality – my favourite is: “What do people actually do? (Not what we think they do or what they say they do.)”

Berkun presents us with a “catalogue of common bad ways to decide what to do”, all of which are drawnfrom his personal experience. Whilst these are eminently familiar, they are slightly tongue-in-cheek (butthey do help firm home the point).

The Developers Group Magazine July/August 2005 Page 31 return to index

It’s worth noting that this author likes to keep things simple and breaks product development into fourphases: initial planning, design, programming and testing. That’s not to say that the content of this book isaimed directly at traditional or waterfall project management approaches, even agile and iterative developmentapproaches incorporate these four phases across iterations.

The “planning phase” is only complete once all of the planning deliverables (MRD, vision, specifications andWBS) are complete. A “waterfall” model is used to document the interaction between each of these. Initially,interaction between each of these deliverables is permitted. As time goes by, Berkun suggests that interactionis limited to the specifications, i.e. activities that are near the bottom of the waterfall.

Once planning is complete, this chapter focuses on how requirements can be brought together, problems areturned into solutions/scenarios and feature lists are drawn up to form a vision document.

This chapter makes reference to other seminal works, Exploring Requirements: Quality Before Design(Weinberg & Gause) and Writing Effective Use Cases (Cockburn) demonstrates that this author wishes tokeep his text focused and meaningful. Over the course of this book, some 90 outside references are made;these are brought together in a “Notes” section. When I receive a new book, I often go straight to this section – alot can be gleamed from the work an author makes reference to. I’m pleased to report that Berkun makes referenceto some of the best authors from a wide range of industries, not just software and not just project management.

Chapter 4: Writing the good visionThe five key attributes of a good vision document are covered: Simplifying, Clear Intent, Consolidated,Inspirational and Memorable. These attributes should largely be self-explanatory; indeed the last two shouldalso be eye-openers for most readers…can you remember the last time you read an inspirational visiondocument? That memorable? These are five good attributes that the author explains in a succinct fashion,free from any waffle. This chapter goes on to provide an excellent list of key points that a vision documentshould cover, presented as a list of questions.

Berkun makes an excellent statement: “The project manager should seek out the smartest and most scepticalmembers of the team, and enlist them to poke holes in the logic and supporting arguments behind keystatements.” The easy route isn’t an option: the smart sceptics are folks most project managers shy awayfrom because they create work instead of facilitate work: sometimes grabbing the bull by the horns is thebetter option.

I was glad to see a few words about “On writing well”. It is hard to be simple (in writing), it does require oneprimary writer (to maintain style throughout) and volume is not quality. Think back to the last visiondocument you read/wrote, did it satisfy the five key attributes mentioned previously? How many pageslong was it?

A “catalogue of lame vision statements” provides us with four clear examples of vision statements that areclearly rather poor. Again, these are somewhat tongue-in-check, but they do give clear advice on what not todo. This chapter wraps up with a few examples of good visions and goals. The key takeaway is that single-sentence visions should be to the point, be goal-driven and be achievable.

Chapter 5: Where ideas come from

Berkun is a firm believer that requirements (of high quality) help avoid mistakes. He backs this up with theprovision of five common mistakes. Whilst not stated implicitly, I felt these common mistakes actually forma “refinement iteration” that harvests inspiration and leads to clearer requirements.

Given a good set of requirements, design exploration takes us through what makes up a good idea and whatmakes up a bad one. Berkun has little good to say about the phrase: “there are no bad ideas”. By “bad idea”,he really means the “awful, horrible, useless, comically stupid and embarrassingly bad ideas”…it’s all aboutdefinition: I choose to define a bad idea as one that might solve the problem in hand, but one that mightcause further problems downstream.

Luckily, Berkun realises that given a collection of ideas it is difficult to weed out the good from the bad,particularly as the value of an idea is very difficult to judge. Further, he recognises that sometimes we haveto spend time with bad ideas when he writes about “Bad ideas lead to good ideas”. Indeed, there is clearrecognition that making mistakes and working with bad ideas can help us arrive at a good idea. As IBM’sTom Watson once said: “If you want to succeed, double your failure rate.”

“Good questions attract good ideas” reminded me of my days on a helpdesk – ask the right (good) questionsand even the most non-technical person will provide good answers that leads to his/her problem beingsolved much sooner. To help us ask/identify better questions, Berkun discusses how we can ask morefocusing, creative and rhetorical questions.

The Developers Group Magazine July/August 2005 Page 32 return to index

Chapter 6: What to do with ideas once you have themSo far, The Art of Project Management has been an excellent read. Sadly, with this chapter, I struggled torelate to the examples and the narrative. That said, this chapter does have a good discussion about the useof prototypes. Recognising that “design is an exploration”, sometimes the only way to move explorationforward is to promote a design to a prototype.

Berkun explains where prototypes start (picking a candidate design or idea) and prototyping with and withoutuser interfaces. Berkun explains that prototypes serve to reduce risk and surface new risks, two things thatcan help a project and a project manager. I was pleased to see Berkun promote prototypes as being good forthe programmers – prototypes convey an indication that a design has been thought through and hasn’t justbeen picked at random from a set of viable designs.

This chapter closes with a look at open-issues lists. I was pleased to learn that Berkun uses “visible open-issues lists”, typically using a white-board. Making project information highly visible is a useful trick toadopt. Firstly, the whole project team can see where progress is being made and where it’s not. Secondly,those folks who stop by looking for a progress update can be directed to the whiteboard. It can be a greattimesaver! Surfacing a project’s “data” and progress is something all projects should do, there should be nosecrecy, honesty is key.

Chapter 7: Writing good specificationsAccording to Berkun, specifications should do three things for a project. Specifications should: ensure thatthe right product gets built, provide a schedule milestone and enable review/feedback. Like most chapters,a useful checklist is provided – in this case a checklist of what specifications can and cannot do. I wassuitably impressed with the frankness proffered by this author: specifications are frequently used to reduceor eliminate discussions (as in “you’ve got a specification, why do you need another discussion?”)

Being methodology-agnostic, this book has to home in on the key points that make a good specification. It isrecognised that specifications must incorporate and consolidate all requirements, feature specifications,technical specifications, work-list items, test criteria and milestone exit criteria.

Simplification of specifications is an important point, and one this author makes when by the provision ofseven specification writing tips. My favourite tip was: “Don’t fall in love with Visio or flowcharts”. Sometimeswe can overuse a diagramming tool to the extent that it actually clutters a specification. Berkun’s Microsoftinfluence shines through in this chapter, even to the point that what used to be Microsoft-specific jargon“spec complete” (hence McConnell’s book Code Complete) appear in this chapter.

Chapter 8: How to make good decisionsThis is a subject close to my heart. Over the course of 24 pages, a decision is dissected revealing a complexbeast, and a beast that Berkun teaches us to tame to our advantage. From the point where a decision becomesa meta-decision, i.e. a decision that affects one or more sub-decisions, through to the point where previousdecisions are examined thus revealing betters ways of doing things, this chapter guides us carefully thoughthe lifetime of a decision.

Chapter 9: Communication and relationships

This is an excellent chapter that deals with two key facets we all should pay attention to, not just those of usin a project management role. Without good communication and solid relationships, we are lost. Berkunpresent us with a basic model of communication whereby e-mail/information moves through five states:transmitted, received, understood, agreed and converted to useful action.

Seven common communication problems are noted and discussed, each problem receiving one third of apage. The problems covered are: assumption, lack of clarity, not listening, dictation, problem mismatch,personal attacks and derision/ridicule/blame. A very salient quote is appears during the discussion about“not listening” – it sums up the need for good communication and good relationships: “They actually listen tome, instead of just waiting for their next chance to talk”. That last quote came from the film Fight Club – thisauthor’s interjection of salient quotes throughout each chapter keeps the book eminently readable and ensuresthat the reader does not tire.

I was delighted to see a good discussion about “how to get people’s best work”, and it got off to a good start:“Good leaders rarely force people to do anything”. A further eight points go on to provide excellent adviceon how to elicit good work. Related to the “not listening” communication problem noted earlier, I was gladto see “follow advice” listed. The easiest way to get folks to do good work is to find out what’s bugging themand solicit their advice/solution…then implement it.

This chapter concludes with a look at the subject of motivation and it makes use of my favourite phrase:“move the project forward”. A chapter covering communications, relationships and motivation, you couldn’task for more.

The Developers Group Magazine July/August 2005 Page 33 return to index

Chapter 10: How not to annoy people: process, e-mail and meetingsThis is my kind of chapter. I’m sure that we can all remember reading an e-mail that either frustrated orannoyed us – but why did it cause an annoyance? This chapter provides five summary points answering thisquestion. According to Berkun, we become annoyed because other folks assume we’re idiots, don’t trust us,waste our time, manage us without respect or make us listen to or read stupid things. Well, that hits the nailon the head.

Berkun then goes on to discuss the subject of process. I was impressed with brashness and terseness used inthis chapter: “any idiot with enough authority can come up with the most mind-numbingly idiotic system”.Why mix words and why write paragraph after paragraph explaining the effects a bad process can have ona project team?

I was similarly impressed with the acceptance that what worked in the past should work now in the present.All scenarios are different and it is important to consider the new scenario fully, before rolling out an oldprocess: “emphasise the needs of the present over the observations about the past”. Nicely put.

This chapter goes onto present examples of good and bad e-mail messages. It laments about the fact we alldon’t write good e-mail all of the time and offers simple advice: be concise, simple, direct, offer an actionand a deadline, prioritise, don’t assume people read anything, avoid sequences of events and avoid FYIs.But, and this is very important, Berkun’s last piece of advice is to use the telephone – well said, nothing isbetter than a conversation.

Meetings are the bane of most projects – this chapter finishes off with an examination of how best to run ameeting. Berkun’s “meeting pointers” wrap up this chapter nicely. Mention of Scrum, stand-up meetingsand Scrum’s three questions (What have you done since the last meeting? What are you going to do beforethe next meeting? What is blocking you?) was a pleasant and welcome surprise.

Chapter 11: What to do when things go wrong “No matter what you do, things will go wrong”. Accept this fact and you’re well on the way to becoming agood project manager. How you deal with something going wrong is the subject of this chapter.

In keeping with other chapters, a checklist offering advice on how to deal with “when it goes wrong” ispresented. One of the checklist items caught my attention, or rather its footnote did. During a discussionabout “calming down”, Berkun recognises that humans need to express their emotions. When somethinggoes wrong in a project, taking the time out to work out those emotions is very important (perhaps you usea shoot’em up to iron out emotion and tension?)

This chapter goes on to present a further checklist outlining the situations that cause projects to go wrong insome way. Once something has gone wrong, the subjects of damage control, conflict resolution and negotiationare discussed. These might sound like obvious topics to discuss in a chapter like this however Berkun bringsthese topics to life with good use of examples and reference to other authors.

The remainder of this chapter presents an “emotional toolkit”, which might sound like an odd thing toinclude in a book about [the art of] project management. This is what sets this book apart from other traditionalproject management books: it dares to be different and it includes material more commonly found in self-help books. That should tell you something about this book: it’s not just about project management, it’sabout people management – and without good people, projects fail.

The emotional toolkit has a discussion about pressure and explains why we all need the right kind of pressurein order to make progress. It also covers feelings and presents a brief discussion about how a project managershould learn to recognise that other people’s emotions may not be directly related to the actions you havetaken. Wise words, the importance of understanding “the bigger picture” springs to mind, i.e. don’t considerfeelings in isolation.

Chapter 12: Why leadership is based on trustTwelve chapters in and I am becoming more and more enlightened by Berkun’s dictionary definitions at thestart of most chapters (“trust” for this chapter), and the third party quote that follows it: “Trust is at the coreof all meaningful relationships. Without trust there can be no giving, no bonding, no risk-taking”.

Over the course of this chapter, we are taught that trust is built through commitment and that it is lostthrough inconsistent behaviour. We also learn that trust should be defined; employees should be given alevel of authority to make decisions, i.e. trust and authority should be delegated.

The rest of this chapter provides a good discussion about trust, what to do when people make mistakes andfeedback processes. I was particularly interested in Berkun’s statement that “trust is insurance againstadversity”. Getting people to work with others in a cooperative fashion is important, if the environment islacking in trust, people will work in spite of each other.

The Developers Group Magazine July/August 2005 Page 34 return to index

Chapter 13: How to make things happen

What skills do project managers have or need in order to make a project run smoothly? The answer issimple: “the ability to make things happen”. We can argue all we like about the other skills we think aproject manager needs, but it all boils down to this one key skill. That said, how we make things happen isthe subject of this chapter and one in which we find some of this author’s key insights.

This chapter opens with a discussion about priorities and lists. Berkun presents us with the notion that “listmaintenance” is something that helps us get things done. Whilst this outlook is possibly simplistic, I had myeyes opened when I sat down and thought about my most recent project and what I did most of. Oddlyenough, I spent a lot of time juggling lists of prioritised work items. Considerable emphasis is put on prioritisedwork items (particularly priority 1 items), and rightly so: they help focus the mind and thus drive the projectforward, a point not missed by this author.

We all struggle to say “no”. Don’t fool yourself, we do struggle. When you come out of denial, you’ll bepleased to be treated to some good common sense ways of saying no, such that it is for the good of theproject. You may already have mastered the art of saying “no”, but if you haven’t, Berkun provides us witha list of the main methods of saying “NO!” along with good examples of how to apply the method.

Given that this is Berkun’s first book, I was impressed to see that he wasn’t afraid to use real blasphemousEnglish. For example, on page 343 we find “Calling bullshit makes things happen”. Sometimes you justhave to tell it how it is, or in this author’s lingo: “keeping it real”. Maintaining a sense of reality on a projectis important,

Under the heading of Guerrilla Tactics, the notion of being savvy is taken to the next level. We are presentedwith eleven tactics that can be adopted in order to help get things done or make things happen. Some ofthese are enlightening, and you should buy this book if you want to learn more. One that you might bepracticing already or at least be aware of is the tactic of getting out of the office, away from your desk,working from home, or as Berkun puts it: “hide”. Hiding is becoming much easier these days, especiallywith the power of wireless networking – hiding in famous coffee outlets is a reality!

Chapter 14: Middle-game strategy

This chapter and the next take their titles from the game of chess. Here we are 358 pages in and now we startto discuss tactical project management. What came before this was a great discussion about the softer side ofproject management, the people skills. Now that the word “game” has entered the equation, we can be surethat this chapter (and the next) are going to cover how best to play the project management game. Andthat’s what it is, a game that consists of a series of well though out moves taking us from project opening toproject completion.

With the briefest reference to C programmers and the assert() method, this chapter focuses on sanity checks.It presents us with a list of questions that we should ask ourselves daily, weekly and monthly – each with aview to keeping the project on track and ensuring that you as project manager make the right moves.

Middle-game work revolves around planning and the appropriate sequencing of task or work item allocations,or pipelining according to this author. Management of change also figures in this chapter with the authorborrowing the commonly used design change request (DCR) terminology.

Chapter 15: End-game strategy

This chapter presents a very neat analogy that the author uses to help us understand how to drive a projectto finish on time. The analogy is that of landing an aircraft. Landing an aircraft requires a smooth glide path,which when graphed appears to be a straight line. In reality, it is a series of very small manoeuvres, just likea project moving from a start date to an end date.

Charts and other visibility indicators play a major part of this chapter. What I like about Berkun’s charts andgraphics is their simplicity. Folks don’t like or understand complicated charts, they prefer the informationpresented in the chart to jump out at them. A lot of projects would enjoy morale gains, performance gainsand schedule gains if Berkun’s charts were adopted.

Interestingly, mention of eXtreme Programming (XP) again makes it into this chapter, with a reference to thecustomer becoming more involved. Rapid feedback is important, and who better to provide that feedbackthan the customer, the final arbiter in the equation. Berkun rightly notes that bringing a customer into aproject for the first time can be difficult but does emphasise that it has massive pay offs downstream.

The Developers Group Magazine July/August 2005 Page 35 return to index

Chapter 16: Power and politicsSo, you’re not political? I have news for you: project management involves politics. No matter how hard youtry to avoid it, you will ultimately become embroiled in a political situation regarding your project. It’salmost like life and death: a certainty. And it is this reason why Berkun chooses to devote an entire chapter,some 30 pages, to the topic.

Politics revolves around power and the misuse of power. Understanding where power (in a project) comesfrom can help us learn how to harness it and use it to the project’s advantage. Berkun refers to ThomasQuick’s Power Plays, noting the sources of power mentioned there. He then goes on to discuss how powercan be misused, i.e. to the detriment of the project. Good use of Venn diagrams helps to convey the importanceof finding the sweet spot or spots that highlight the areas of power that are good for the project (i.e. theoverlap between “what’s good for me/my team”, “what’s best for the project” and “what best for team X”).

If ever you were stuck for solutions to your political problems, Berkun’s final section provides you withsome 12 pages of advice. You probably already know that you need more resources, more authority, moreinfluence, adjustment of goals and advice, this last section talks you through the tactics required to alleviateyour political problems.

Should you buy this book?You should buy (read and implement!) this book if you wish to become a project manager or are an existingproject manager wishing to become better or if you wish to take on a role that involves working with people.It is a book littered with common sense that will help move your projects forward and move your relationshipswith your direct reports and your family/friends to new levels.

If you enjoy reading books that are aligned with your way of thinking, yet still they manage to provide youwith new and improved ways of doing things, this book is for you. Similarly, if you’re wondering whatproject management is all about, this book should be your first port of call.

ConclusionsThis is Berkun’s first book and with it he joins a short list of cult authors including, but not limited to: SteveMcConnell (Code Complete, Rapid Development; After the Gold Rush), Frederick P. Brooks (The MythicalMan-Month) and Jim McCarthy (Software Project Survival Guide, Debugging the Development Process,Dynamics of Software Development).

When recruiting new staff I often ask them the question: “Have you read McConnell’s work?” Thoseinterviewees who do not know who McConnell is, or cannot even name the books are removed from theshortlist. I would like to think that one year from now I will be able to ask: “Have you read The Art of ProjectManagement?”

Finally, we have a book that doesn’t just teach project management, it teaches the art of project management– this book teaches you the people skills that are required to bring projects in successfully. More importantly,it is a portable book of common sense – it should be required reading for those folks on a project andanybody who has interaction with the project team, e.g. upper management, sponsors, CEOs, CIOs,information providers and even customers.

Overall Book Rating5/5: Must Read. I don’t normally rate anything 5/5 – mainly because it suggests that there is little more thancan be done to improve the work being rated. This book isn’t without a few niggles, however I struggle tofind major fault with it.

Useful ResourcesScott Berkun’s web-site: www.scottberkun.com

Sample chapter: http://www.oreilly.com/catalog/artprojectmgmt/chapter/ch03.pdf

Craig is a regular contributor to The Delphi Magazine, the DG magazines and has writtenfor ASPToday, International Developer and Computer Headline. Craig is a foundermember of Scottish Developers and works closely with Agile Scotland. He played amajor part in the organisation of the UK’s first DeveloperDeveloperDeveloper event.

His specialisations include SOAP, web services, XML, XML Schema, XML Topic Maps,XSLT, Delphi, and C#, Test-Driven Development (TDD) and eXtreme Programming (XP).Craig is a Certified ScrumMaster (CSM), Microsoft Most Valuable Professional (MVPXML Web Services) and holds an Honours degree.

The Developers Group Magazine July/August 2005 Page 36 return to index

Delphi 2005 training course on DVDwin a free copy

KeyStone Learning Systems has announced a new video-based, instructor-led by Jeff Bosworth e-learningcourse for Delphi 2005™ coming later this summer. As a member of the DG you have access to a special 10%pre-order discount off the ESP of around $1,199.

We’ve been invited to run a draw for two free copies at our July 18th meeting

To take advantage of this special offer, go tohttp://store.keystonelearning.com/detail.aspx?ID=667&Affiliate=32 When purchasing, proceed to the checkout and use the special promo code Delphi10 for your discount.

Contents of Delphi 2005 Essentials:

1.0 Introduction to Delphi 20051.1 What's Delphi 2005?1.2 Defining Requirements1.3 Modeling Applications1.4 Designing User Interfaces1.5 Generating and Editing Code1.6 Compiling, Debugging, and Deploying Applications1.7 Controlling Access and Tracking Changes to Code1.8 What's New?2.0 A Tour of the IDE2.1 Welcome Window2.2 Menus2.3 Forms2.4 Designer Surface2.5 Tool Palette2.6 Object Inspector2.7 Object Repository2.8 Project Manager2.9 Model View2.10 Data Explorer2.11 Structure View2.12 History Manager2.13 Code Editor3.0 Projects and Project Groups3.1 Starting a Project3.2 Default Project Options3.3 Windows Projects3.4 ASP.NET Web Projects3.5 ASP.NET Web Services Projects3.6 VCL.NET Projects3.7 Database Projects3.8 What is a Project Group?4.0 Building Windows Applications4.1 GUI Applications: SDI4.2 GUI Applications: MDI4.3 Console Applications4.4 Service Applications4.5 Creating Packages and DLLs5.0 Introduction to Delphi Object Pascal5.1 Language Overview5.2 Programs and Units5.3 Using Namespaces

5.4 Fundamental Syntax5.5 Declarations and Statements5.6 Expressions5.7 Data Types, Variables and Constants5.8 Procedures and Functions5.9 Classes and Objects5.10 Standard Routines and I/O5.11 Libraries and Packages5.12 Object Interfaces5.13 Memory Management5.14 Program Control6.0 Introduction to .NET6.1 What's New in the .NET Framework Version 1.16.2 Overview of the .NET Framework6.3 .NET Framework System Requirements7.0 Introduction to XML7.1 Introduction to XML7.2 Basic XML syntax7.3 Introduction to XSL – Extensible Stylesheet Language8.0 Delphi's TClientDataSet8.1 Properties8.2 Methods8.3 Events8.4 Structure of the Client Application8.5 Creating an Application Server8.6 Creating the Client Application8.7 Data Modules8.8 Connection Components8.9 Specifying a Provider8.10 Connecting to the Application Server8.11 Updating and Refreshing Records8.12 Deploying the Application9.0 Borland dbExpress9.1 TSQLConnection9.2 TSQLDataSet9.3 TSQLQuery9.4 TSQLTable9.5 TSQLStoredProc9.6 TSQLMonitor9.7 TSimpleDataSet10.0 Borland DataSnap10.1 Creating a Simple DataSnap Application

The Developers Group Magazine July/August 2005 Page 37 return to index

DIL CD - search the way you want

Search your Developer Information Library by:* word or expression * subject * category * all or new entries only * type of graphic (from next issue)

Never tried DIL?Ask for your evaluation copy now.