It’s that time of year again, kids!  Another .NET namespaces and types poster has been cranked out of Redmond:

While these are pretty from an esthetic perspective (look at the soft pastel colors and swooshes!), they really are quite useless.  Sure, you can glean how the Framework has changed to incorporate new functional groups, but are you really going to consult this chart when working on your next 3.5 project?

No, it’s more likely we’ll all be hitting CTRL-ALT-J or load up Reflector or Google the damn object.  Oops, I mean “Live Search” the damn object.

Satisify your urge to get yet another poster and download it here.

Recently, I’ve noticed some furtive spamdexing attempts in the comments to several of my older posts – in spite of having enabled dasBlog’s built-in CAPTCHA validation component.  I knew from previous experience that these were “scout” entries designed to test my defenses before an all-out onslought.  Unfortunately for the spammers, I had also configured by blog to disable link posting and cut off comments for posts older than 60 days.  This limited their attack surface, but I knew that  I needed to do something to confound these guys before my blog became another broken-window site on the interwebs advertising Viagra and pr0n sites.

Enter: reCAPTCHA

Over the summer I had read about a new advancement in blog spam protection by the folks from Carnegie Mellon who brought us the original CAPTCHA concept called reCAPTCHA, which not only stymies spambots but helps in the archiving of human knowledge from books in the process.  It does this by presenting would-be comment posters with two words to interpret from distorted images:  One is an auto-generated word which the system can validate, the other is a failing OCR capture from a book that is being digitized – but the end user (and spambot) doesn’t know which is which:

I thought this was pretty cool – it’s like a low-tech version of Stanford’s FoldingAtHome project where the web’s multiplier effect is put toward digitizing books instead of unravelling protein folding sequences.  Instead of having users just enter some mindless string, their ten-second investment to validate their post could be put to some good use while making it more difficult for bots to corrupt my comment entries.  Time to try it out! 

Adding reCAPTCHA – The high level overview

reCAPTCHA can be added to just about any type of site – there are plenty of instructions available on the main site.  For our purposes, we need to do several things:

1. Create an account for our domain via the site – this will provide us with two vital parts for installing reCAPTCHA:  A generated public/private key pair;
2. Download the ASP.NET library and copy into the bin folder for our web application;
3. Modify the site.config to hide the old-n-busted CAPTCHA component;
4. Modify the CommentViewBox.ascx file to implement the reCAPTCHA control and register it with our account;
5. Test!

1.  Create a reCAPTCHA account

• Pretty straight-forward – go here click "Sign up now!" and fill in the fields, set up a password and copy your public and private key strings to notepad.

2.  Download and install the reCAPTCHA Assembly

• Get it by clicking the link on this page.  You’ll get an archive folder that you can decompress on your system.  Go inside the release folder, find the Recaptcha.dll assembly and FTP or copy into your dasBlog installation’s Bin folder.

3.  Disable dasBlog’s old CAPTCHA component

• You may want to quiesce your live box before doing this by disabling all comments in the site configuration before proceeding.
• Locate the <enablecaptcha> element in the site.config file located in your dasBlog installation’s SiteConfig folder and set its value to false:
  

4.  Add reCAPTCHA component to the CommentViewBox.ascx control file

• Add a control registration directive to the top of the page:
  
• Add the reCAPTCHA control declaration below the old CAPTCHA control and sub-in the public and private key codes that you obtained during registration:
  

5. Test!

• Navigate to one of your posts from the main page;  your comments section should look similar to the following:
  
• Note that the control has automagically hooked up to the ValidationSummary control that’s in the CommentViewBox control definition – by default it should read “The verification words are incorrect.”
• Test by entering a valid name and comment, then the pair of words.  On postback, the CommentViewBox control verifies that the page is valid according to the results returned from the Recaptcha control.

A quick post for this morning – I’m still working on the material for the next post in the “Refactoring” series, but I did want to advise that I’ve created a Google Code project where I have posted the source code to a SVN (Subversion) repository that I’ll be using for the duration of the project.  This will allow those of you following along at home to pull down copies of the code by revision number – ie. you can “get latest” or anything up to that point.

Accessing the Source

The Google Code site can be found here:

http://code.google.com/p/rnchessboardcontrol/

The SVN repository can be found here:

http://rnchessboardcontrol.googlecode.com/svn/trunk

You will need a Subversion client to pull the code down to your local machine.  There are several flavours of Subversion that are available, as well as client apps – personally, I use the following:

CollabNet’s Open Source Subversion Server and Client

Download the Server and Client for Windows from here:

Tortoise SVN Windows Explorer Extension

SVN is primarily a command-line tool, which if you get proficient with it is fairly quick.  But I’m generally happy with the advances the GUI has afforded us.  So I use Tortoise SVN to provide me an easy way to work with Subversion right from the Windows Explorer.

Download the Tortoise here:

Bringing up the RepoBrowser

The TortoiseSVN Repo-browser allows you to navigate remote or local Subversion repositories through a simple modeless window.  You can bring it up by right-clicking in any open folder space and navigating the context menu thus: 

This will bring up the Repo-browser window where you can now enter the URL for the remote repository:

Once the connection to the remote repository is established, expand the “trunk” folder to see the source elements:

Downloading the Source

Right-click the trunk folder in the Repo-browser and select “Check Out” – this will bring up the following dialog where you can specify the location where you want to locate your working copy:

If the folder doesn’t exist, TortoiseSVN will create it for you – click OK and you’ll begin pulling the source.  Here’s what a successful checkout should look like:

Navigate to your working copy folder and you’ll see the latest revision of the code, which is currently at 2.  This number will increase as we roll along, but you can opt to revert to any version you wish quite easily so you can view diffs and quickly see changes as they happened.

Have fun!

Ed.: I've made some minor changes to this post to improve flow and revise the conclusion.

A few weeks ago (October 16 to be precise…) I happened across an intriguing blog post by developer David Christiansen entitled Is there REALLY any rigor in Waterfall?  Far from being a standard pro-agile polemic, Christiansen describes his own intellectual journey from a self-professed waterfall-neutral “fence-sitter” to agile/iterative-friendly convert through firsthand experience and research.  Rather than accept prima facie the rhetoric on the problems with phased delivery, he researched the model’s pedigree and coupled it with his own experience and had his own revelation:

“For the last couple of years I’ve sort of ridden the fence on where I stand on project management. I’ve conceded that waterfall might have a place in the IT world in the past, that it’s a tool we should have in our toolbox, even if we don’t use it very often…

The waterfall approach to managing software development projects is one of the most costly mis-diagnoses ever. It structures projects for failure. It creates a cost-change curve that is unacceptably expensive (you know, the cost of a change grows exponentially as the project progresses) and is largely responsible for the high failure rate of IT projects.  Waterfall creates a project structure that is rigid and forces you to make decisions and predictions when you know the least, then abide by them no matter what realities you expose in the process.

I am off the fence. Waterfall doesn’t belong in any IT project manager’s toolbox. It is based on and littered with myth.”

While I do enjoy reading about another developer’s Conversion on the Way to Damascus, David’s piece stands out to me because outside of Craig Larman, he’s the only person I’ve come across who makes reference of Winston W. Royce’s role in the story of the waterfall model.  While Royce isn’t really responsible for the waterfall model – that came about as a result of our industry’s 30 year failure to RTFM – knowing who he is and the history behind phased delivery is vitally important to putting the rationale for agile/lean/iterative models into their proper context. 

Is there a One True Way?

A week later, David’s post was picked up in a feedback thread to a rather pedantic advice column on InfoWorld that was responding to a student’s query on the value of requirements vs. testing (btw, I think both the instructor and the student are wrong) with the ensuing fracas prompting David to write a follow-up post where he expresses some disbelief about the fervor that seems to pervade the pro/con waterfall debate, ie. that there’s only “one true way” to deliver software: (emphasis mine)

Frankly, I’m perplexed by the belief among many technology practitioners in the ideal, the “one true process,” that will solve any problem, whether it is Waterfall, Spiral, Agile, or whatever comes next. It is a fixation I believe is unique to IT - I don’t remember seeing this type of zealotry when I worked as a manufacturing R&D engineer at Bell Helicopter. Engineers there had a much more experiment, do-what-it-takes sort of attitude that couldn’t be captured, analyzed, and then reduced to a simple prescription for project success.

With all due respect (and a wink and a nod), David’s probably not thinking of some of the holy wars that are waged in other disciplines like physics, quantum mechanics, climatological science and medicine when it comes to “one true way” zealotry.  Hell, look at the trouble Robin Warren and Barry Marshall had to overcome in gaining acceptance of their evidence that a bacterium and not spicy foods were responsible for the vast majority of gastric and peptic ulcers.  Intransigence and zealotry can be found just about anywhere.

But I digress:  I also have to disagree with David's observation that the "experiment, do-what-it-takes" attitude of the Bell R&D engineers can't be captured and turned into a prescription for better project outcomes.  In fact, this is the very essence of the models used in manufacturing (ie Toyota Production System, Lean) that agilists have adapted into a variety of methodologies from Scrum to XP to Crystal Clear to Lean.

Thus, while I agree that there isn’t an out-of-the-box “silver bullet” that will make every project successful, I am of the opinion that practices which belong to the family of empirical process controls have the highest probability for successfully delivering working software than any other process because they have significantly better visibility into project activities and an internal feedback-loop to support self-correction based on the realities of the situation at hand rather than a six-month-old plan.

Agile Values

David concludes his post by observing that in the final analysis it may be better to rely on human characteristics such as “brilliance, bravery, strength, and intelligence” to solve our problems than a naive and idealistic belief in a singular “right” way to build software.  I think David’s got this half right, because I think he’s not fully aware of the values that back-up agile/lean/iterative practices – and I’ll grant that the zealots probably don’t know them, either. 

For example, take the first value statement of the Agile Manifesto:

We are uncovering better ways of developing software by doing it and helping others do it. Through this work we have come to value:

Individuals and interactions over processes and tools.

Next, consider the Four Values that Kent Beck defines for project success under eXtremeProgramming practices:

We will be successful when we have a style that celebrates a consistent set of values that serve both human and commercial needs:  communication, simplicity, feedback and courage. 

Finally, consider Scrum creator Ken Schwaber’s comments on the challenges and rewards for implementing agile practices:

Of all organizations that attempt to become a world class software organization (by adopting agile practices like Scrum) only one third will make it.

The inspect and adapt practices of Scrum is where the pain comes in, because when you start doing that you discover everything in your organization that’s not working.

Agile is hard work;  it’s a long process and it is extraordinarily satisfying

These aren't the words of idealistic zealots, but reasoned pragmatists, and they demonstrate a closer affinity to the core "human" values that David seems to cherish.  While he may be dissuaded or alienated by the zealots who proclaim "one true way", the fact of the matter is that agile/lean/iterative disciplines (and that is what they are) work because they are built upon the fundamental understanding that building software is about people and how they can work best in a very complex and creative enterprise.

Welcome back for the third installment in my series (see Part 1, Part 2) wherein I chronicle my efforts refactoring some code I wrote over four years ago to implement a chess rules engine and WinForms control using C# under .NET v1.1.  I’m hoping to demonstrate over the next few posts a few tips, techniques and tricks to improve established code with refactorings, unit tests and application of best practices that you might find useful in your own endeavours.

Last week I mentioned two tools that I’ll be using from this point forward to support constructing and running unit tests so we can backstop our new code against making destructive changes that would otherwise bust the build or introduce new bugs that we didn’t intend:  NUnit and TestDriven.NET.  For the impatient out there, we will be getting into refactoring soon, but as we’ll see below, I ran into a little issue as a result of setting up my tests that necessitated some backtracking.

Briefly, here’s a quick overview of each tool:

In spite of rumours on its demise, NUnit is very much the de facto if not the de jure free (as in beer) unit test suite for the .NET Framework.  Yes, Visual Studio 2005 in the Team Editions supports its own unit test framework, which looks a lot like NUnit tests with differently-named method and class decorators, but I prefer the original.  NUnit is modeled after JUnit, the Java unit test suite which in turn was based on seedwork by Kent Beck in Smalltalk – it has, therefore, a pretty solid pedigree.

NUnit provides you with a framework for writing regression test assertions to validate code behaviours along with both a console and GUI test runner harness.  If you haven’t done any Test Driven Development (TDD) before, this will be a pleasant experience as you won’t have to roll-your-own test harnesses to see if your code works – you’ll just run the test assemblies and get immediate feedback on whether they passed or failed.

Another upshot to using a framework like NUnit is the option of later “hooking” your tests into a continuous integration suite like CruiseControl.NET which can synthesize your code versioning, build and tests to run automatically on code check-ins or other triggering events.

I’ve installed the latest stable version of NUnit for this exercise: 2.4.3 for .NET 2.0.

While NUnit is the cat’s pajamas for unit testing, and does support some IDE integration, it lacks a certain panache since its test-running goodness is run via an external app.  This can be a throw-the-hands-in-the-air point for some folks who just cannot live without doing everything in Visual Studio, and will forever despise writing and running unit tests without some IDE support.  So, to kick things up a notch and keep these folks interested, on-board and insanely productive, I recommend downloading and installing the TestDriven.NET Visual Studio add-in. 

I won’t go much further into the addin except to say that it allows you the ability to run your tests simply by right-clicking inside either the test fixture class or test method – easy peasy.  If you want to know more, check out the developer’s site for excellent overviews and tutorials.  Ok, here’s a quick screen cap, just to whet the appetite:

I’m using the latest stable version: 2.8.2130 – It runs in all versions of Visual Studio except the Express Editions, which is for a whole host of reasons.

Getting ready to test:  Adding a test fixture project

Once NUnit is installed, all of its core libraries are available to all and sundry projects through the GAC, so all we need to do is create a new library for housing our test classes (aka Test Fixtures) and add a reference to the NUnit.Framework to get access to the all the unit testing goodness.  There are a number of schools of thought on how tests could/should be organized and named – below is my preference:

In this way, I create an NUnit test assembly for each assembly or executable I’m testing and it is clearly identified with the .Tests suffix.  Now, I’ll add references for the RNChessRulesEngine and RNChessBoardCommonTypes projects, since there are dependencies between them;  next, I’ll add a reference to the nunit.framework assembly via the .NET tab in the Add Reference window.  Finally, I’ll rename the stubbed-out class ChessRulesEngine.TestFixture.cs, add some namespace references and an  NUnit TestFixture attribute to indicate that this class will be used for containing test code:

Now that I’m this far, I’ll do a quick build and commit the new project to source control before proceeding.

Supporting the rules engine with preliminary unit tests 

In the last installment, I decided to start my refactoring within the DoPlayerMove(int32,int32) method in the rules engine as it had not only a high cyclomatic complexity score, but was also an obvious entry point for running subsequent routines.  This brings up an some questions:  How do we know if the engine is running correctly right now?  Subsequently, what kind of tests should we be writing?

Note:  If you’ve never written a unit test before, don’t panic:  It’s dead easy.  Check out the NUnit Quickstart tutorial for some examples.

At a fundamental level, we want to craft tests that will demonstrate that the basic operations of the engine are sound, ie. that we trap for bad input, process moves correctly and can play out a game to mate.  My first inclination is to code up a test that would play a well-known, classic game like Capablanca vs. Alekhine 1927 – French Exchange.  This way, I know for certain what the outcomes after each move should be, the material captured, number of half moves (white) and full moves (black) that have occurred, check states for either side’s king and checkmate state.

Algebra rears its ugly head.  Well, sort of.

Sounds like we have a plan, right?  Of course, there’s always a little trip-up:  DoPlayerMove() is a private method that is called by another private method, CommitPlayerMove(), which in turn is called by the publicly-accessible MakeMove().  We have our work cut out for us:  In order to run a sample game through the engine, we need to validate the behaviours for MakeMove() which takes input from two strings representing the Standard Algebraic Notation (SAN) for the “from” and “to” squares, using the numbers 1–8 and letters A-H to represent the ranks and files (rows and columns of squares)respectively.  Thus, if we want to make a basic Queen’s pawn opening, we’d want to move from “D2” to “D4”. 

Let’s build-out a test to verify that the input “D2” and “D4” results in a valid move.  First, we need to add a member object for the rules engine so we can test it, and a special NUnit method to instantiate the object when the battery of tests are run for the first time called TFSetUp():

Note the [TestFixtureSetUp] attribute that tells the NUnit framework to run this method exactly once for every run of our test fixture class.  Next, let’s add a method to exercise MakeMove() with the SAN I mentioned above:

A few things to note here: 

1. The [Test] attribute, which indicates that this method is a unit test and should be executed by the NUnit framework;
2. The test method name follows a convention to make it easy to identify (hat tip to Roy Osherove) the method, test state and expected outcome for the test. 
3. I’m using a classic NUnit assertion, Assert.AreEqual(), which compares an expected value (MoveResult.Legal enum) against the actual value returned from the PlayerMoveStatus property, which is a struct defined in RNChessDataTypes.cs.  I’ve also added a descriptive message that will be returned when the test fails so that we can get meaningful feedback.

Observant keener types will notice that in my Assertion, I’m expecting MoveResult.ILLEGAL.  This is because I want the test to fail first – this way I can be assured that the method is running correctly.  Right-click inside the test method and select Run Test(s) from the context menu – you’ll see the following in the Output pane:

Blammo!  We have our first validation point that the engine is working correctly – it’s taking input for a valid move and is returning a confirmation.  Moving on, we adjust the method to check for PlayerMoveResult.LEGAL and the we get a pass:

Let’s add another test to check out an illegal opening move – say the King’s pawn, three squares forward.  We’ll follow the same pattern as above:

And the same drill as before:  Run the test, watch it fail, then adjust to assert on MoveResult.ILLEGAL; run the test and it should pass easily.

Note that I’ve re-instantiated ChessRulesEngine on line 41 – I wanted to revert the object to its default state so that I could properly test the opening move.  However, why not use the object’s ResetBoard() or UndoLastMove() methods to do the same thing?  Because we want to make sure that our tests can be run in isolation of each other and test only the operations we’re controlling.  By calling in ResetBoard() or UndoLastMove() inside a test method, we’re assuming that they work properly – until we know otherwise, we need to do like Fox Mulder and trust no-one!

So, I need to refactor my test code.  I want to reset the state of the ChessRulesEngine object before each test without having to new one up.  We can do this via a method decorated with the SetUp attribute: 

We can take out line 41 in the MakeMove_OpenE2E5_Illegal() test method, build and run the tests for sanity and revel in our Homer Simpson-style productivity gains.  Don’t forget, we’re starting off easy here – this will pay dividends later on.

Defining What to Test

So far, it seems like we’re being somewhat arbitrary in our tests – while testing this input is good, and we do have a goal for writing a test to run through a sample game, we should have a few “rigor rules” to guide our efforts to make sure we’re writing valuable tests and not just ad hoc queries to satisfy curiosity.  This is where I like to refer to advice from Andy Hunt and Dave Thomas, the original Pragmatic Programmers.

In their book, Pragmatic Unit Testing in C# with NUnit, 2nd Ed., Hunt and Thomas wrap up their experiences for writing top-notch unit tests with three acronyms:

• Good tests are A-TRIP: Automatic, Thorough, Repeatable, Independent and Professional
• Write tests using your RIGHT-BICEP
• Ensure that boundary conditions are CORRECT

I won’t rehash the acronyms here (you can check out the link above), however, suffice to say that we need to write tests that focus on one thing at a time, can be run independent of one another (ie, they don’t require prior tests to be run first) and exercise the code’s extremities, ie. anything that might break and anything that does break.

Let’s Try Breaking MakeMove()

To round out this post, let’s try writing a test to push in bad input to the MakeMove() method to see what happens.  I have no idea what to expect, so I decide to try this:

Running the test, I got the following results:

A-ha!  Now we have grounds for a new assertion – the engine does appear to validate input, throwing an ArgumentException if things are out of whack.  We can test for expected exceptions by adding the ExpectedException attribute to our test definition:

I’ve dispensed with writing this test to fail-first with a different exception, since my initial run provided me with the expected exception.  An important thing to note here is that I’m not writing the tests to pass, but using my knowledge of the system and code as I go to validate assumptions – which can change later on, depending on refactorings.

Next:  More tests, web-accessible source

For the next installment, I’ll be getting into more meaty tests to validate inputs using Hunt & Thomas’ unit test guidelines and  I’m also going to look into setting up web access for the source tree to provide the latest versions of the code via Subversion as we go along.  As part of this effort, I’ll be writing some tests that I’ll share to validate the moves in a historical game.  Until then, as always I welcome input on the posts so far and any constructive criticisms.  Cheers!