KeyLimeTie Blog
From author David A. Utter of WebProNews
http://www.webpronews.com/topnews/topnews/wpn-60-20060721HowGoogleCanFindYourSecretPage.html
Amazingly enough, some webmasters haven't learned about Google yet, and how easy it is to retrieve pages that have been poorly protected from being viewed.
When the blogger behind the brand new EvolvedLight blog wanted to find out more information regarding an accident at Alton Towers amusement park in Staffordshire, England, the quest for information led to the park's media page.
"This site is for Media use only. To gain an access password please call 01538 704015," reads the page. Instead, the blogger turned to the ubiquitous Google to indulge in a little Google hacking.
In looking at the source code, one section revealed that whatever is entered as a password would trigger a redirect to a page named {password}.html. The right password would reveal the press page.
So the blogger sent Google a simple search string: * site:http://press.altontowers.com and guess what was revealed as the third result in the SERPs?
"Welcome to the Alton Towers Press Site," said the revealed page, called pressxpsa.html. That means the password would be pressxpsa.
And indeed it is. To call this a poorly designed page would be an insult to poorly designed pages everywhere.
In the interest of helping out someone in need, here is a Microsoft link on securing ASP pages for the amusement park's Windows Server 2003 host running IIS 6.
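The flaw described in the article above next to a server-side fix, as an added example that is not part of the original post or the park's code. The redirect function is a reconstruction of the pattern the article describes, and the password, path and function names are constructed for illustration.

```javascript
const crypto = require("crypto");

// Weak pattern from the article (reconstructed): the browser builds the URL
// from whatever is typed, so the password is only an unlisted file name that
// crawlers, referrers, proxy logs or browser history can expose.
function clientSideTarget(typed) {
  return typed + ".html"; // nothing is ever verified
}

// Hardened form: the server keeps a salted scrypt hash, never the password.
function hashPassword(password, salt = crypto.randomBytes(16)) {
  return { salt, hash: crypto.scryptSync(password, salt, 32) };
}

function verifyPassword(candidate, stored) {
  const hash = crypto.scryptSync(String(candidate), stored.salt, 32);
  return crypto.timingSafeEqual(hash, stored.hash); // constant-time compare
}

const sessions = new Set(); // in-memory session store, enough for the demo

function login(candidate, stored) {
  if (!verifyPassword(candidate, stored)) return null;
  const token = crypto.randomBytes(32).toString("hex");
  sessions.add(token);
  return token;
}

// The protected page has a fixed, guessable URL; only the session grants access.
function servePressPage(path, token) {
  if (path !== "/press/index.html") return { status: 404 };
  if (!token || !sessions.has(token)) return { status: 401, body: "Login required" };
  return {
    status: 200,
    headers: { "X-Robots-Tag": "noindex", "Cache-Control": "private, no-store" },
    body: "Welcome to the press site",
  };
}

// Constructed demo credential, not taken from the article.
const stored = hashPassword("constructed-demo-password");
const token = login("constructed-demo-password", stored);
console.log(clientSideTarget("guess"));                           // guess.html
console.log(servePressPage("/press/index.html", null).status);    // 401
console.log(servePressPage("/press/index.html", token).status);   // 200
```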
From Microsoft.com: "Microsoft SQL Server 2005 Everywhere Edition offers essential relational database functionality in a compact footprint ideal for embedding in mobile and desktop applications including a new generation of occasionally connected dynamic applications." I'm not sure I agree.
Here is my initial list of pros/cons from a developer's point of view:
Pros
Completely run in-proc, meaning there is no installation required
Free to develop, deploy and redistribute
Allows up to 4GB databases
Support for up to 256 connections
Very compact (max of 7 DLLs required at 1.4 MB)
Cons
No user interface available (I had to create my database through code)...I'm sure a 3rd party will develop one very soon.
Support for only a limited number of datatypes - for example, supports nvarchar, but not varchar or the XML data type!
Does not support stored procedures, views, triggers, extended stored procedures, or macros.
Sample Application
The code is not that complicated, so I'm not going to write up a technical explanation. But in my overall opinion, this product seems to be a much more powerful version of Access without the interface. I don't see myself using it anytime soon.
I spent a few hours reading about SQL Server Everywhere and put together this sample application.
Download Sample Application
Form1.cs
Useful links
Downloaded SQL Server Everywhere: http://www.microsoft.com/sql/ctp_sqleverywhere.mspx
Paul Flessner announced SQL Server Everywhere: http://www.microsoft.com/sql/letter.mspx
Steve Lasker's Blog - Interview with Paul Flessner: http://blogs.msdn.com/stevelasker/archive/2006/04/10/SqlEverywhereInfo.aspx
Over the past 10 years, I have spent a good amount of time teaching software development. First in college, I was a teaching assistant at Northern Illinois University. Then after graduating, I worked for a couple companies and did some internal training. Over the years, I have helped a few friends get into the IT industry…taught them the basics and helped get their foot in the door of a new career. I now provide training for companies on a consultant basis.
I have learned a lot from people, books, magazines, conferences and online…and continue to learn more every day. At least once a week, I get emails from people who are getting started in software development. Some people have questions while others just thank me for the articles that I publish. Beginning developers often ask something like, “What do you recommend I do so I can become a full time web developer?” More experienced developers often ask what I would recommend to help advance their careers or become an independent contractor.
These answers are not easy…it depends on your experience, your available time, and most importantly, your drive. But I took the time to put together what I think is important. The first 5 are for those of you just getting started and the last 5 are for the life of your career.
- Find Good Resources – Whether it’s a friend, colleague, website forum or some online community, try to find at least one good resource. When I graduated college, most of my skills were mainframe-based (Cobol, JCL, etc.). I immediately got a job with IBM but I really wanted to do web development. So I bought a few ASP and Visual Basic 6.0 books, read through them and did the examples. It all made sense, but I wanted to get some practical experience. I was consulting at Allstate Insurance at the time (mainframe area) and had a great deal of knowledge of their systems. Allstate had made the decision to get on the web at that time (May 2000) and I was able to get a position as a business knowledge expert. As the project progressed, I became friends with several of the developers and had great people to bounce questions off of. Over the next 6 months, I learned more than ever…they told me what to learn now, what book chapters to skip for now, what was important, what was not important. Everything became very clear, I developed a couple ecommerce sites (including Cigars Around the World’s first true database-driven, ecommerce site) and earned my MCSD in VB 6.0. This may be the most important recommendation for getting started…but be careful, there are a ton of hacks out there and you do not want their advice!
- Learn the Basics – 75% of the code you write can be written in any language. Your most common tasks will include declaring variables, assigning values, performing calculations, looping through data, if…then…else, functions, etc. Every language supports these features and they must be mastered. Any “Introduction” book will cover these features in very good detail. If a book has at least a dozen or so reviews, see what the consensus says. Better yet, a good resource should be able to recommend a good starter book. I also highly recommend buying an introduction book for the language you plan on developing in. You might not know what that is, but you should have a good idea. You want to always be reading in the language you are learning…this may seem obvious, but I know people who want to learn C#, but are reading a C++ book because their brother had one lying around. If you want to learn C#, make the investment of buying a good C# book. And don’t worry too much about choosing a language to start with…as I said above, the basics translate to any language…it’s just syntax differences.
- Keep It Simple – I have a friend who says this all the time in meetings where we’re discussing how we want to solve a particular issue. That’s all he says…really. Most people kind of laugh at it. I used to, but then I thought about it a little and now I consciously practice it. If you put 1,000 developers in a room and gave them even a simple coding task, not one person would code it the same. The question is, would everyone be able to read your code…and if you looked at it a few months later, would you be able to quickly read and understand it? There are a million ways to solve any problem; the best approach is to keep it simple. It makes it much easier to maintain and also decreases the chance of someone else breaking it (including yourself!).
- Learn By Doing – Reading and comprehending a subject isn’t that difficult…but can you really apply what you just learned? I have tried to get through books very fast and skip over some of the “Chapter Tasks” at the end. The next day, I couldn’t tell you much about what I had read. That’s why I make a point of immediately performing all of the exercises in a book. When I’m teaching a friend programming (as I am right now), we typically work side by side on separate computers. We both do everything I’m teaching and he’s learning. I could just sit there and type everything as he watches, but it has been my experience that it never works. The more time you spend in the software development environment (i.e. Visual Studio.NET, SQL Server Management Studio, etc.), the more comfortable you will get.
- Plan your Code, Code your Plan – One of the biggest mistakes developers make is to start coding right away. Big mistake! I cannot express that enough! People get all excited about creating an interface, designing the logo, blah, blah, blah. Yeah, that’s fun, but it’s not the correct approach to take. There are entire courses on proper systems design and architecture (which are definitely worthwhile!), but the basic approach to a System Development Life Cycle (SDLC) is this.
  - Project planning and feasibility study: Establish a high-level view of the project and determine its goals.
  - Systems analysis and requirements definition: Refine goals into defined functions. Analyze end-user needs.
  - Systems design: Describe desired features in detail, including screen layouts, business rules, process diagrams and other documentation.
  - Implementation: Write the code. Personally, I design the database first,
  - Testing: Check for errors, bugs and interoperability.
  - Deployment: The final stage of the initial development where the software is put into production and runs the actual business.
  - Maintenance: The rest of the software's life: changes, correction, additions, moves to different platforms, etc. This, the least glamorous and perhaps most important step of all, goes on seemingly forever.
It is so important that you follow these or some other SDLC approach. The amount of upfront planning and preparation will save you tons of time in the long run.
- Don’t be lazy! – Often, you might seem under a lot of pressure to get something done very quickly…it is very important to never compromise the quality of the software to get something done fast. Even worse than that are people who take the shortcut or “band-aid” code just to be done with it. These are the worst developers and are not respected. If there is any chance a user might do something on your website, be sure to account for it…because they will do it! I can think of at least a half dozen cases where a fellow developer did not code for some scenario because “there’s no way anyone would ever do that”. And more times than not, some user somewhere did it…and I’ve seen entire websites crash because of it (and people do get fired). The developer always blames the user for being stupid and doing what should not have been done, when in fact the developer is the real idiot. Don’t be lazy…don’t be a hack…do it right.
- Put First Things First – One of the best books I have ever read (and read at least once every year) is Stephen Covey’s “7 Habits of Highly Effective People”. He says in Habit 3: Put First Things First, “The key is not to prioritize your schedule, but to schedule your priorities. Do the most important things first – because where you are headed is more important than how fast you are going”. He also says of all of the 7 habits, this is the hardest one to master. I completely agree…it is so easy to work on the fun tasks or prioritize what may seem urgent over working on the not-so-fun things that require time and serious thought. But what’s important should always take precedence over what’s considered urgent. Self discipline can be difficult and you have to realize these tasks you’re pushing aside for another time will never go away. You have to do them and you have to make them a priority. In Covey’s book, he also referenced a lifelong study on what the common trait among successful people is. The answer: successful people know to “Put First Things First”. This may be the most important recommendation for your continued career.
- Reuse, Reuse, Reuse – You should never need to rewrite the same logic of code ever. Does your application send emails out? If so, you better have one “SendEmail” method that everyone uses. Do you query the database for the current specials to be displayed on every page? You better have that method encapsulated in a database tier and every page better be getting the data through that method (Better yet, you better be caching that data to eliminate the extra database queries!). Whenever I start coding a new website (after the database has been designed), the first thing I do is add in my “Common” code. This common code takes care of all of the tasks common to every website, which includes validation, JavaScript and form helpers, constants, enumerations, exception handling, emailing, base classes, and much more. At least 10-15% of my code is now done and I know it works perfectly. The next thing I do is generate my data access tier. I always write my data access code the same from project to project: I create custom classes to represent data entities, I pass all data from tier to tier through these custom classes and I use the Microsoft Data Access Blocks to do the database access. It’s really time consuming to create the custom classes, CRUD methods and the stored procedures, so I create my own data tier generator. With the data tier generator, I click one button and everything is generated in a couple of seconds…hours and hours of work now done instantaneously and I know the code is perfect. Work smart, not hard.
- Certifications – Get certified or not? This has been a debate among fellow developers for a long time. My personal belief is to get certified, but it’s not priority #1. My reasons include:
  - I have interviewed for contracts where they only accepted resumes from people who were at least an MCSD (Microsoft Certified Solution Developer).
  - I have taken several tests and they are not easy…they do require a very good deal of knowledge and understanding in order to pass.
  - Some companies give bonuses or raises for obtaining your certification.
  - Instant credibility – Only those who do not believe in the program will not care…the other 99% who know what the certification is or do not know what it is have an instant feeling that you know what you’re doing.
Most people I speak to agree getting certified is a good idea. Some are indifferent and a few completely disagree. The main disagreement is that anyone can get certified. They’re just tests and there are “brain dump” websites out there where people post questions and answers right after taking the tests. These are true statements, but almost every interview I have been on for a contract or short term assignment has looked very positively on my certification. I certainly believe getting certified has made my career as an independent contractor a lot easier…and it obviously cannot hurt it.
- Continued Education – This is what separates the real developers from the 9-5’ers. Most programmers get by with the basics. They know enough to get the job done, work their 8 hours every day and go home to do nothing. Those with drive and ambition to be great continue their education every day…even at home. Whether it’s reading technical magazines, online articles, blogs, or picking up a good book, anything you do to stay on top of the latest technology will give you a huge advantage. Not only will you continue to work with the latest software, but you will also be much more sought after, have much better job security and be able to bill a much higher rate. I personally subscribe to 4 technical magazines and a few weekly newsletters. I also try to read one good book per month. By doing this, I am always reading about the newest software and have learned great approaches to difficult solutions (which saves me a ton of time and work). My favorite site is The Code Project. They send out a weekly newsletter that lists the recent articles by category. They enforce an excellent format that is easy to follow and provide an area for feedback. When searching for a way to do something specific, I often go here first and almost always find it. Whatever approach you take, make a conscious effort to keep learning. By being smarter and better than the rest, you have complete control of your career…which leads to more opportunities…which leads to a very enjoyable life.