Overview of SCRUM
Our new approach to systems development is based on both defined and black box process management. We call the approach the SCRUM methodology (see Takeuchi and Nonaka, 1986), after the SCRUM in rugby -- a tight formation of forwards who bind together in specific positions when a scrumdown is called.
As will be discussed later, SCRUM is an enhancement of the iterative and incremental approach to delivering object-oriented software initially documented by Pittman9 and later expanded upon by Booch. It may use the same roles for project staff as outlined by Graham, for example, but it organizes and manages the team process in a new way.
SCRUM is a management, enhancement and maintenance methodology for an existing system or production prototype. It assumes existing design and code which is virtually always the case in object-oriented development due to the presence of class libraries.
SCRUM will address totally new or re-engineered legacy systems development efforts at a later date.
Software product releases are planned based on the following variables :
· Customer requirements - how the current system needs enhancing.
· Time pressure - what time frame is required to gain a competitive advantage.
· Competition - what is the competition up to, and what is required to best them.
· Quality - What is the required quality, given the above variables.
· Vision - what changes are required at this stage to fulfill the system vision.
· Resource - what staff and funding are available.
These variables form the initial plan for a software enhancement project. However, these variables also change during the project. A successful development methodology must take these variables and their evolutionary nature into account.
New enhance: .NET 4.0 Security
The first beta of the v4.0 .NET Framework is now available, and with it comes a lot of changes to the CLR's security system. We've updated both the policy and enforcement portions of the runtime in a lot of ways that I'm pretty excited to finally see available. Since there are a lot of security changes, I'll spend the next month or so taking a deeper look at each of them. At a high level, the major areas that are seeing updates with the v4 CLR are:
- Security policy
- Security transparency
- APTCA
- Evidence
- AppDomain Managers
Like I did when we shipped the v2.0 CLR, I'll come back and update this post with links to the details about each of the features we added as I write more detailed blog posts about each of them.
One of the first changes that you might see to security in the v4 CLR is that we’ve overhauled the security policy system. In previous releases of the .NET Framework, CAS policy applied to all assemblies loaded into an application (except for in simple sandbox domains).
That lead to a lot of interesting problems. For instance, one of the more common issues people ran into was that they would develop an application on their local machine that they wanted to share with other people on the network. Once the application was working on their machine, they would share it out, but nobody could run it over the network because CAS policy provided a lower grant set to assemblies loaded from the intranet than it does to assemblies loaded from the local machine. The usual result was unexpected and unhandled SecurityExceptions when trying to use the application.
Generally, the only solution to this problem was to either manually update the CAS policy on each machine that wanted to run the application, deploy the application some other way (for instance via ClickOnce), or use native code.
One of the worst things about this problem was that the additional pain of not being able to just share a managed app over the network wasn’t actually buying any security. If an application wanted to attack your machine, it could bypass the sandbox that the CLR was setting up simply by being written in native code.
Effectively, running an executable is a trust decision – you’re saying that you trust the application that you’re running enough to execute with the privileges your Windows account has.
That leads to an interesting observation – the CLR isn’t the correct place to be setting permission restrictions for applications that are being launched directly (either from the command prompt, or from Windows explorer for instance). Instead, that should be done through Windows itself using mechanisms like SRP, which apply equally to both managed and native applications.
In the v3.5 SP1 release, these observations (writing managed code to use on the network was harder than it needed to be, and it wasn’t even buying any extra security) led us to relax CAS policy for LocalIntranet applications slightly. We enabled applications that were run directly from an intranet share (and any assemblies loaded from immediately next to that application) to be fully trusted by pretending that it had MyComputer zone evidence instead of LocalIntranet.
In the v4.0 release of the runtime, the CLR has taken that a step further. By default, unhosted applications are not subject to managed security policy when run under v4.0. Effectively, this means any managed application that you launch from the command prompt or by double clicking the .exe in Windows Explorer will run fully trusted, as will all of the assemblies that it loads (including assemblies that it loads from a location other than the the directory where the executable lives).
For applications run from the local machine, there really should be no observable change. However, for applications that are shared out over a network, this means that everything should just work – just as if you had run the application from your computer while you were developing it.
Posted in: C# and .NET| Tags: NET Security .NET 4.0 CLR New Enhance AppDomain system framework beta lotVSTS 2010, Enhanced User Experience
Microsoft Visual Studio 2010 delivers a modern, enhanced user experience that makes understanding the current context more natural.
* Clear UI Organization
* Reduced clutter and complexity
* Improved editor
* Better support for floating documents and windows
* Enhanced document targeting
* Focused animations for action feedback
Parallel Programming
Parallel programming is simplified, so both native- and managed-code developers can productively build innovative applications.
* IDE support for parallel programming
* Native C++ libraries that use lambda functions and align well with STL
* Parallel Extensions to the .NET Framework offers support for imperative data and task parallelism, declarative data parallelism, and more
* Resource management of the multicore hardware and task scheduling enabled by Concurrency Runtime
* Parallel debugging windows and profiling views
Democratizing Application Lifecycle Management
Democratizing Application Lifecycle Management
Visual Studio Team System 2010 delivers new capabilities for everyone on a project, including architects, developers, project managers and testers.
* Discover existing code assets with the new Architecture Explorer
* Design and share multiple diagram types, including use case, activity and sequence diagrams
* Tooling for better documentation of test scenarios and more thorough collection of test data
* Run tests impacted by a code change with the new Test Impact View
* Gated check-in, branch visualization and build workflow allow for enhanced version control
Inspiring Developer Delight
Visual Studio has made application development more productive, efficient and flexible for both developers and companies. Visual Studio 2010 continues this legacy.
* Contextual support helps developers better understand existing code – and write new code more efficiently
* First class C++ development experience that helps developers navigate and understand complex C++ source bases
* Build new Windows® 7 applications or upgrade existing applications
* Enable Office tools to make your solutions more flexible and productive for specific needs
Web Development
Web Development
With Visual Studio 2010, we're continuing our investment in great Web development tools.
* A high-performance and standards-compliant JavaScript IntelliSense® engine
* "One Click Deployment" that quickly publishes files and configuration settings from development machines to the final deployed site
* Full support for Silverlight™ for cutting-edge, rich Internet applications
Cloud Development
With Windows Azure™ Tools for Visual Studio, it's easy for developers to build, debug and deploy services and applications for Microsoft's new cloud platform.
* C# and VB Project Templates for building Cloud Services
* Tools to change the Service Role configuration
* Integrated local development via Development Fabric and Development Storage services
* Debugging Cloud Service Roles running in the Development Fabric
* Building and packaging of Cloud Service Packages
* Browsing to the Azure Services Developer Portal
More Databases
More Databases
With the Visual Studio partner ecosystem, developers will now be able to work with IBM DB2 and Oracle databases in addition to Microsoft SQL Server™ databases.
IBM has committed to develop, sell and support a Database Schema Provider (DSP) to let developers working with DB2 on the Windows, Linux or Unix platforms do offline design, development, testing and change management using Visual Studio Team System 2010 Development Edition.
Quest Software have made a similar commitment develop, sell and support a DSP which will enable Oracle Developers to work with their databases just as easily.
Posted in: C# and .NET| Tags: Programming Microsoft VSTS 2010 Enhance User Experience Cloud experience user visual enhanced vsts context studio modern