Top 10 Takeaways from DevConnections Day Four

November 13th 2009 | Jimmy Bosse

Top 10 Takeaways from DevConnections Day Four

Whew! Day Four (officially day Three, but I am counting the pre-conference workshop)came to a close with the famous “64-bit Question” session where .NET Rocks! hosts Carl Franklin and Richard Campbell gave away some fantastic swag, like $10,000 Team System licenses. Too bad I didn’t win one. It was a great final day and I chose a well rounded set of sessions:

• It’s the Least You Can Do: Improve Security in Your ASP.NET Applications by Rachel Appel
• Understanding Efficient User Interface Design by Markus Egger
• Performance Isn’t Optional – Making Web Services Work by Richard Campbell
• Building a Rich Web UI at the Speed of jQuery UI by Dino Esposito

And from our home office in Walla Walla, Washington…

1. Read the SANS Institute Report, “…25 Most Dangerous Programming Errors…”

   We can’t be 100% secure, but reading the report will help you think about the most obvious concerns and direct you to resources for addressing these concerns.

2. Use White Lists instead of Black Lists.

   You can’t think of everything even if you try. If you are protecting a file upload, compare how many types of files a user might attempt to upload vs. the specific few you want them to actually upload. White List those few and reject the rest.

3. The UI is how your users will judge your application.

   Most of our work as developers goes into the back end but we are judged on the front end. When was the last time a user said, “Your data model is fantastic and I love how you have separated your concerns?”

4. Don’t confuse Learnability with Usability.

   Usability is a measure of how productive and intuitive the UI is for the average user. Learnability is a measure of how quickly a user can learn a new application.

5. Most of your users are “Good – Average” level users.

   A user will quickly transition from a beginner user to an average user while very few will ever become expert users. Yet, as developers, we often program to those two extremes. Refocus your efforts on the majority of users who are somewhere in between. Note that for a public site this paradigm is a little different as the majority of users may very well be beginners who only visit occasionally

6. Performance Tuning comes after development.

   You will never really know what areas of your application will be bottleneck until people are actually using it. If you attempt to tweak your application for performance in advance, you will just be guessing, and often incorrectly.

7. Decompose your performance problems.

   By creating tests for each tier independently you can determine which tier is your bottleneck or if your problems are elsewhere, like a 10Base-T hub between your server and firewall.

8. Sometimes you need to cache less for better performance.

   Cached items are low priority so they can be thrown out by the garbage collector when resources need to be freed. If you are caching
   too much you could actually be forcing the system to run out of resources thereby forcing the system to purge your caches. Only cache things that have high usage.

9. Go download jQuery UI.

   This framework can help you do some amazing things with the UI, from tabs to modal dialog, this framework is slick.

10. jQuery is better with ASP.NET MVC.

    Because MVC developers are often in a bare metal HTML frame of mind, not because of any technical limitations.

    My first DevConnections has been a fantastic experience. I heard some phenomenal speakers, met new developers from all over the world, and sharpened my saw. I am excited to bring the things I’ve learned back to our team. But first I am going to have a restful weekend – I never thought a conference could be so exhausting.

    If you have any questions about this series of posts or about DevConnections, feel free to send me an email (jimmy.bosseATthycotic.com) or message me on Twitter @jimmybosse.

    Jimmy Bosse is a Team Lead at Thycotic Software, an agile software services and product development company based in Washington DC. Secret Server is our flagship password management software product. On Twitter? Follow Jimmy

Comments

• Other Developer Blogs

  • Alvin Ashcraft’s Morning Dew
  • The Morning Brew

• Recent Posts

  • The Benefits of Pair Programming
  • Managed code isnt always the best solution
  • Debugger Friend or Foe
  • Dealing with Nullable Types and IIf in VBNET
  • Cool Things to Do with Dynamics in dotNET 4
  • Are Extension Methods a Code Smell
  • An Overview of C# 4.0
  • Some Love for VB.NET 10 Too
  • The Danger of Single Responsibility in Programming Continued
  • Want to join a team of top notch developers in the DC Metro area?
  • The AJAX UpdatePanel Is it your worst enemy?
  • Thycotic brings Password Management to SuperComputing 2009
  • Top 10 Takeaways from DevConnections Day Four
  • Top 10 Takeaways from DevConnections Day Three
  • Top 10 Takeaways from DevConnections Day Two