Our church software project, Church Radius, has gone live! We're pretty excited about it here. It is a web-based solution that we are offering with a software-as-a-service model. We are taking the SaaS approach to an area that can really reap the benefits of low upfront costs, pay for what you use, on-demand, access from anywhere, etc.

We're just getting off the ground so if you think this is interesting, we'd really appreciate links, reviews, comments, etc.

Just to give a bit of history, I have been connected to a church software product since 2000. I have been patiently waiting for the opportunity to really overhaul it. Originally I was thinking of a .NET-based P2P smart client but the P2P framework I envisioned was a bit too ambitious. And frankly the church software market for Mac and Linux is really underserved so a web-based solution seemed like a really good idea. The software-as-a-service approach lets us help churches avoid spending money on servers, new workstations, etc. in order to run Church Radius.

Since this is a tech-oriented blog, here are some implementation details: The site runs on ASP.NET 2.0. We built everything using Visual Studio 2005. We use ASP.NET Membership, which was a real boon because it was almost plug-and-play. We did a little bit to integrate our account management with the membership database but otherwise it was just so simple. And of course we are using master pages. You have to love master pages!

The backend is SQL Server 2005. The login account from the web site to database only has permission to execute stored procedures to remove the risk of SQL injection vulnerability slips. Because our church software is a hosted SaaS solution, we have multiple customers on the same servers. Every stored proc has to accept an OrgId and use it for every query (we monitor that part manually). Of course that lets you create a clustered index on OrgId for all tables to allow for efficient queries since each church represents only a small subset of the data in a table (so the execution plan is likely to use the clustered index).

We use NUnit for developer testing and NAnt for nightly builds on a dedicated build server. I also created a little web page that any developer can hit anytime to initiate a new build. I really should publish that to this blog one of these days. The NAnt script was a port from another project and is almost completely redundant now since basically all the build work is shelled out to MSBuild.

Right now I am working with Watir to do automated UI testing. Watir is a Ruby testing framework that automates IE. I highly recommend it.

Anyway, that's what we've been working on at Ardent lately: church software-as-a-service. Check it out and please spread the word!

Technorati : Christian, Christianity, Faith, Religion, SaaS, Software as a Service, Theology, church, church software

  Disclaimer  |  Comments [0]  | 

DevTeach is just a week away...

Are you going to be there? Leave a comment. Still on the fence? My advice: just do it! DevTeach is a great conference, which is why I signed up to present there (a mere 2.5 weeks before my wife's due date - yikes!). It really is a great value and Montreal is such a great city. You won't regret it at all.

  Disclaimer  |  Comments [2]  | 

Well, I'm a roll with bad error messages this month. This week we finally received a merchant number and API token from Moneris to accept Mastercard and Visa for Church Radius. So I plugged the numbers into our configuration file and went to process a live credit card transaction. It failed with an error message saying "API Token Mismatch". What might this error message make you think is wrong? That you had an invalid API token? Good guess... But, nope. We got that error message because the sales team at Moneris had screwed up and not enabled recurring billing (subscriptions) to our merchant account. Even the tech guy at Moneris was confused. We figured it out by guessing at things that could be wrong.

The good news is that Church Radius is now completely and officially LIVE! Wahoo.

Technorati : church, church management software, church software

  Disclaimer  |  Comments [1]  | 

Error messages should be helpful. Bad error messages disrespect the user by saying, "something is wrong but I'm not going to tell you". I've made that point before.

Today I was treated to a paragraph-long error message explaining password complexity rules. The password that failed was this:

3"[cU8jlBe4vG}Zx{3^6@3

Look at this password with me. It's plenty long (22 char). It has numbers, uppercase characters, lowercase characters, and non-alphanumeric characters. It's a good random password. It was, in fact, randomly generated by Keith Browns's PasswordMinder.

I dissected the paragraph of error message to find buried in the middle this rule: must not have been changed within the last 1 day. Oh. The problem was not complexity but that my password had been reset yesterday. Here I was trying to be responsible by immediately changing my password after having it reset...

What really irks me is that the error condition is known specifically but the error message is generic. If the regular expression for password validation fails, tell me that the password is not complex enough. If I used the same password in the past, tell me that. If I cannot change my password today because it was changed yesterday, tell me THAT.

When the specific error condition is known, tell the user exactly what is wrong and whether or not it is his/her fault. That way he/she can act appropriately without resorting to detective work.

  Disclaimer  |  Comments [1]  | 

I've been trying out Office 2007 for a few weeks to give the ribbon UI a chance. I'm a shortcut key fanatic and frig, frig, FRIG!!! I frequently use Paste Special to paste unformatted text. In shipping versions of Word I press Alt+E, S, Ctrl+End, Enter (I'm pretty fast at that combo). Eventually I get around to recording a macro and assigning it Ctrl+Alt+Shift+V. With the new ribbon interface I have to press Alt+E, C, V, S, Ctrl+End, Enter. Not too short for a "shortcut".

"Oh, Derek," you say. "Stop whining and go create a macro." Sure, OK. Wait a minute... How do I create a macro? There is no longer a Tools menu. No mention of macros on any of the tabs. Grrrr...

The solution? Go to File | Word Options. Select Views. Check Developer Tools. A new Developer tab now shows up providing access to macros and some other stuff (like XML schemas). Yeah, I know - exceedingly intuitive compared to Tools | Macro | Record New Macro.

Now, I'm not exactly a Word power user but I can hold my own, and I suspect I am not the only person who is not going to appreciate feeling like a novice in my word processor. I am convinced that ribbon-enabled Office 2007 products will ultimately ship with a compatibility mode (standard menus, toolbars, etc.). I personally won't use it, I'll fumble my way through figuring out the new UI. But lack of a compat mode will hinder adoption. Or maybe everyone has forgotten how essential it was to have a WordPerfect compatibility mode.

Update: Turns out the Developer tab is also how you edit document properties like Author and Title. I was wondering where that functionality went since it's not accessible under the File menu. Personally I think this feature should have been made more accessible, not less. Document properties can really matter when you start putting things into SharePoint or some other document management system.

Technorati : microsoft, office 12, office 2007

  Disclaimer  |  Comments [1]  | 

I dusted off my modest ADSI skills yesterday to help some folks figure out how to authenticate against Active Directory by binding to it using LDAP. Here's a VBScript version using ADSI (run at command line using cscript.exe).

Const ADS_SECURE_AUTHENTICATION = 1

Dim uid, pwd

WScript.StdOut.Write "User name (with domain prefix): "
uid = WScript.StdIn.ReadLine

WScript.StdOut.Write "Please enter your password:"
Set objPassword = CreateObject("ScriptPW.Password")
pwd = objPassword.GetPassword()
WScript.Echo

' Get just the username (samAccountName)
Dim username
tmp = Split(uid, "\")
username = tmp(1)

Dim LDAP 'As IADsOpenDSObject
Dim LDAPString
LDAPString = "LDAP://cn=Users,dc=yourdomain,dc=local"

'''
''' Important Lines Right Here
'''
Set LDAP = GetObject("LDAP:")
Set obj = LDAP.OpenDSObject(LDAPString, uid, pwd, ADS_SECURE_AUTHENTICATION)
'''
'''
'''

For Each o in obj
If o.Class = "user" Then
If o.Get("samAccountName") = username Then
WScript.Echo "Found " & o.Get("cn")
End If
End If
Next

  Disclaimer  |  Comments [0]  | 

Microsoft has announced SQL Server Everywhere (SQL Everywhere, or the fun but unofficial SQL/e). It is basically SQL Mobile but will run on mobile and desktop versions of Windows. That's really good news if you want a lightweight, in-process database engine for smart client apps.

Here's the nitty-gritty from Steve Lasker: http://blogs.msdn.com/stevelasker/archive/2006/04/10/SqlEverywhereInfo.aspx

  Disclaimer  |  Comments [0]  | 

You know, I don't think enough people recognize the real potential for WPF (Windows Presentation Foundation, formerly "Avalon") to change the software experience.  WPF could mean that Windows and Web applications look and feel the same.  Given the reach of Internet Explorer, there will be a wide implicit adoption of WPF in the browser.  And WPF "Everywhere" (WPF/E) opens up a subset of WPF for other browsers and platforms.  Think about that for a second...  Define the user interface once and have it work in both desktop and browser deployment scenarios.

The implications are actually pretty cool.  You could define one user interface and one backend logic layer.  All you need is a connector that can feed either a desktop or browser launched version of an app.  The implications are huge if someone can make all the pieces work right.

I suspect the reason Atlas is taking so long is that Microsoft wants to make sure the client-side browser model will work for both HTML and WPF.

  Disclaimer  |  Comments [3]  | 

I was getting this error message when I tried to open a document in Word 2003: "This document could not be registered. It will not be possible to create links from other documents to this document."

Word still worked but I was unable to drag-and-drop content. And Outlook would not let me use Word as the editor for my email (which is perhaps an evil thing to do anyway).

Turns out the problem was that a service was not starting automatically (DCOM Server Process Launcher). I don't recall making that change but that's beside the point.  The point is that the error message is terrible. It is disrespectful to the user because it hints at an underlying problem but does not give you any guidance on how to fix it. Sadly, disrespectful error messages are much too common.

  Disclaimer  |  Comments [1]  | 

A couple articles on Windows Workflow from Scott Allen:

http://www.odetocode.com/Articles/447.aspx

http://www.odetocode.com/Articles/448.aspx

  Disclaimer  |  Comments [0]  | 

Here's what you need to do:

1. Go to https://ftponline.com/conferences/register/vslive/2006/toronto/
2. Enter TDERE as your priority code for a 10% discount
3. Complete your registration
4. Go to VSLive Toronto and learn some stuff

There is some good content this year including a bunch of promising stuff on Day 1 (.NET Focus Day) and lots of interesting sessions from some well-known speakers.  Looks like some really solid technical content this year - I don't see any dud time slots.  Here's the agenda:

http://www.ftponline.com/conferences/vslive/2006/toronto/agenda.aspx

  Disclaimer  |  Comments [0]  | 

From http://mcpmag.com/columns/article.asp?editorialsid=1275:

An IT training firm in the U.K. conducted a stunt (or promotion, depending on your feelings about it) to demonstrate that users in London's Golden Mile, its financial district, need more security training. They stood alongside the road and handed out CDs claiming to contain a special Valentine's Day promotion. While no numbers have been provided, a spokesperson for the firm indicated that the CD, when inserted, would "call home" to the firm indicating the user had run it.

The CDs had written on the outside that you ought not to do this because it might be a violation of policy. Despite this, some employees ran the CDs anyway.

As a security conscious guy, this makes me scream, "Aaaaaaaaaaaarrrrrrrrrrrggggggggggghhhhhhhhhhhh."  <heaving sigh>

This column also has some interesting thoughts on the Search Across Computers feature of the Google Desktop that you might want to read.  Personally I loathe the Google Desktop.  I love the Google Deskbar which has been discontinued as a standalone product.  Too bad (thankfully I have a copy of the installer backed up for the future).

  Disclaimer  |  Comments [0]  |