Don’t write code like this…

October 21, 2003 at 7:22 pm

I’ve just finished doing a security review of my MSDN columns, and as part of that,
I needed to add some security to an add-in architecture, so the add-in architecture
won’t run antisocial code. The approach taken by .NET security is reminiscent of ACLs,
which means (at least to me) that it’s confusing and I need to read the code 5 or
6 times before I understand it. Along the way, I got a chunk of code from somebody
on the .NET security team, which I’ll reproduce here:

private NamedPermissionSet FindNamedPermissionSet(string name)
	IEnumerator policyEnumerator = SecurityManager.PolicyHierarchy();

	while (policyEnumerator.MoveNext())
		PolicyLevel currentLevel = (PolicyLevel)policyEnumerator.Current;

		if (currentLevel.Label == "Machine")
			IList namedPermissions = currentLevel.NamedPermissionSets;
			IEnumerator namedPermission = namedPermissions.GetEnumerator();

			while (namedPermission.MoveNext())
				if (((NamedPermissionSet)namedPermission.Current).Name == name)
					return ((NamedPermissionSet)namedPermission.Current);
	return null;

Ugly, isn’t it?

The root of the problem is that PolicyHierarchy returns an IEnumerator instead of
an object that supports IENumerable.  This means that I can’t use foreach on
it, and have to write the traversal myself. This decision also means that, without
a collection returned, there’s no place to hang a useful method like “LookupLabel()”
on, so all users are stuck writing the search code themselves (or encapsulating it
off into a separate method).

PolicyLevel.NamedPermissionSets uses a different approach, that of returning an IList,
which is better than an enumerator, as I could use foreach on the IList, but the person
who wrote this sample didn’t because they didn’t know about foreach. If they had,
they would have done the right thing.  

We need to not do this.


Learning to speak in public

October 17, 2003 at 11:29 am

I enjoy giving presentations – there’s something about being up in front of a crowd
that is very powerful, especially when they’re laughing.

But I wasn’t always like that. In fact, throughout high school and college, I avoided
those sorts of situations as much as possible. When I got out of school and started
working (at Boeing Computer Services, doing engineering graphics), I decided that
being able to speak in public was a skill I wanted to have. Boeing sponsored a Toastmaster’s chapter,
but that seemed like an artificial situation (I told myself). To be honest, it
was probably more that deciding to do something like that is a big move,
so I put it off.

One day, a fellow motorcyclist who I had taken a motorcycle safety course
from suggested that I become an instructor for MSF.
That seemed like a great idea – I could learn to speak, teach people to ride better,
and make a little spending money (very little, it turns out). So, I sent in an application
and was accepted to the 1990 instructor class.

Though the format has changed since then, at the time the course ran for 8 days straight.
You started with 6 days of covering the beginning
rider course
 in excruciating detail. For the classroom sections, you walk
through what you need to present and do short practice sections of presentation. For
the range (ie riding) sections, you learn how to present an exercise, how to demo
an exercise, where to stand, what appropriate coaching is, how to get the students
to do what you want, and how to keep track of time. You’ll spend 8 hours a day on
this, plus 4 hours at night studying.

Then, on Friday night, an unsuspecting class of students shows up to be taught by
the instructor candidates, with your chief instructors there only to observe (and
to rescue you if you really screw up).

The result is not pretty.

The classroom sessions go pretty well – the curriculum is very good, and even if you
just read the talking points and show the videos, the students will do well. The range,
however, is another matter.

MSF courses teach skills in progressions – the students learn one skill, and then
the next exercise builds on that skill. A cornerstone of that approach is that students
need to actually *learn* a skill before they go to the next exercise. Unfortunately,
it requires skilled instructors to ensure that, and we were far from skilled. We chose
exercises to lead by lot, and I drew exercise 11, which is titled, “Shifting and turning
on different curves(3) and shifting and making sharp turns”. It requires the students
to put together actions smoothly and in the right order on an intimidating course.
It’s very, very useful in a well-taught class, but for me, it turned into the exercise
from hell. To get a passing grade as an instructor, the students need to achieve the
point of the exercise, and the combination of them not getting good instruction and
my inability to keep them in the right path of travel meant that it was pretty much
a foregone conclusion that I would not get a passing grade on that exercise. Luckily,
I had passed my first classroom section, and I only had one more range exercise to
teach, “stopping in the shortest distance”, which is pretty much impossible to foul
up as an instructor. So, I passed the course, though it was incredibly intense. That’s
to make the real courses seem easy.

After a while, I started teaching the classroom section by myself. The courses only
have 12 people in them, so the size isn’t that intimidating, but you have to be “on”
the during the whole course. Over time, I got so that I really enjoyed teaching the
courses, though I had to give them up recently because of other time committments.

Onto C# Land. The original C# team was part of the VC++ team, and we had 4 devs, 5
testers, and one PM working on the compiler, plus Anders and a couple of other people
on the design team. After we announced C#, there was a ton of call for talks on the
subject, and limited resources, so I started doing talks (one of the nicethings about
MS is that I was able to do talks even though I was a QA lead, not a PM). In one quarter,
I did 23 talks on C#, and found that I was a bit of a ham when I got up in front of

If there’s a point to this story, it’s that if you want to get good at something,
you need to just do it. But try not to start in a the “Rock Star”-talk-to-3000-people-at-PDC

Naked at Work…

October 15, 2003 at 2:45 pm

This is not the newest manifestation of the “Dress Casual” trend.

at Work (And Other Fears):
How to Stay Sane When Your Job Drives You Crazy

Is a book that I’ve been reading. It’s a self help book, but not the “do these things
to make yourself better” vein. More in the “this is why the world seems to be the
way that it is”.

I picked this up at the library because I liked the title, and I was happy to find
that it has a fair amount of wisdom in it. For example, just because we think about
ourselves all the time does not mean that other people think about us all the time.
That means if our boss sounds grumpy when he meets us in the hall, it’s much more
likely that he’s not grumpy about us, but about other, more important things in his

The big surprise for this book – based on my assumption that the title was dreamed
up by the publisher to sell more books – was that it is genuinely funny. Paul Hellman
has a style that is not unlike Dave Barry’s, and in my book, that’s a pretty good
place to be. Here’s an example of an anecdote from the book:

Anecdote #20: Traffic Item in the paper: A union debate whether to block rush
hour traffic to “draw public attention to worker’ gripes.” Is there a connection between
rush hour traffic and workers’ gripes? I think yes! I’m a worker, and one of my main
gripes is — rush hour traffic. Maybe the union’s motto should be, “We’re not going
anywhere and neither are you.” But I doubt the public would react favorably: “This
traffic is driving me NUTS!!! And yet — it’s also increasing my sympathy for workers’
gripes!” Anyway, it doesn’t really matter. You can’t block rush hour traffic. It’s
already blocked! That’s the whole point of rush hour traffic. If the union really
wants public support, they should figure out a way to unblock it.

Read this, or get ready to peel some onions…

October 10, 2003 at 5:26 pm

A nice post