Cirrocumulus Musings

Cloudstore

Cloudstore – A marketplace for Government

Microsoft Marketplace and the Apple's App Store have revolutionised how we all buy and use software. It's now the best way to 'buy bits'. So why shouldn't government consumers be able to connect with their suppliers in a similar way?

That was the challenge to Solidsoft from the Cabinet Office.

We responded with the CloudStore.
It replaces a complex system which had different applications from different providers spread across multiple locations. That made evaluating services and suppliers really difficult. Different departments could even find themselves vetting the same applications
Civil servants can now view and procure 1700 approved products and services from the G-Cloud Framework, all in one place. They can also exchange ideas and experiences. That means better-informed buying decisions and increased sharing and re-use of proven applications. Saving money and time, and improving working relationships between government and suppliers.

The CloudStore runs on the cutting-edge Azure platform, with the latest HTML interfaces. Best of all, it went from zero to live in just six weeks. And the story's not over yet.

Solidsoft’s CEO stated:

“Our work on this project, built on the Microsoft platform, will help advance the uptake of Cloud technology and fuel the growth of the UK’s IT SMEs. The CloudStore will help the public sector harness the agility and innovation that SMEs bring to the table. At the same time, it will help those SMEs to conduct effective business with Government, on a level playing field with their larger counterparts. ”

Go and have a look….http://www.govstore.net/

Azure Postings–10/01/2012

Windows Azure Platform

How to Sort Azure Table Store results Chronologically

How to upload your Excel and CSV data to the Cloud - Blob Storage

SQL Azure Database

Notification and Job Scheduling Service for SQL Azure

SQL Azure Tutorials – Blog

SQL Azure Tutorials - Helping you with Cloud Databases

How to build a SQL Server Reporting Services report with SQL Azure?

Middleware in the cloud

SAP meet Azure Service Bus – EAI/EDI December 2011 CTP

Azure Service Bus EAI/EDI December 2011 CTP – New Mapper

Introduction to the Azure Service Bus EAI/EDI December 2011 CTP

Latest Azure Download Versions

Download	Version	Group
Windows Azure Tools for Microsoft Visual Studio	November 2011	SDK
Windows Azure Libraries for .NET	Version 1.6	SDK
Windows Azure Authoring Tools	November 2011	SDK
Windows Azure Emulators	November 2011	SDK
ASP.Net MVC3	MVC 3	SDK

 

Tell Us Once - Review

Tell Us Once (TUO) is the award-winning, cross-government programme that lets people inform central government and local authorities just once of a birth or death. By March 2012 it will be in service in over 95% of councils in England, Scotland and Wales.

It has provided a permanent solution to the long-standing and frustrating issue of people having to notify the government multiple times. Several years ago, research showed that people had to make up to 44 contacts when reporting a death to government bodies and their local authority.

The TUO service is offered as a face-to-face interview by the local authority or by telephone to a dedicated telephony service run by the Department for Work and Pensions (DWP). March 2012 a TUO online service will be offered via the Directgov website.

This programme is supported by innovative software developed by Solidsoft on the Microsoft stack providing a national system for the citizen coupled with cross government data distribution.

Solidsoft first became involved in the project over 4 years ago when asked to support the then Office of the Deputy Prime Minister (now Cabinet Office) in providing architectural guidance to a small team considering how to make it easier for the citizen to report changes of circumstance to government. This team was part of the newly formed Tell Us Once initiative lead by Lyn MacDonald.

A prototype and a high successful  pilot later the green light was finally given to deliver the national system with the first phase going life September 2011. Of course this was not without a quite bumpy path not least when a change of government caused the freezing of all projects including Tell Us Once for a number months shortly after development had started in earnest!

Today over 300 councils are providing the service with over 2,500 customer interactions taking place each day! By April 2012 this will have risen to over 400 councils and over 3,500 transactions taking place each day.

The project is one of the first cross government, citizen facing successes for a long time. It was made possible by the partnership of DWP, the stack holders (councils and government departments), AtoS and Solidsoft.

Furthermore it is an exemplar of how SME’s like Solidsoft can work to deliver solutions across government with the help of large SI’s such as AtoS.

Over the coming months we will be looking at how this was achieved and where it should go next.

Tell Us Once - Review

Tell Us Once (TUO) is the award-winning, cross-government programme that lets people inform central government and local authorities just once of a birth or death. By March 2012 it will be in service in over 95% of councils in England, Scotland and Wales.

It has provided a permanent solution to the long-standing and frustrating issue of people having to notify the government multiple times. Several years ago, research showed that people had to make up to 44 contacts when reporting a death to government bodies and their local authority.

The TUO service is offered as a face-to-face interview by the local authority or by telephone to a dedicated telephony service run by the Department for Work and Pensions (DWP). March 2012 a TUO online service will be offered via the Directgov website.

This programme is supported by innovative software developed by Solidsoft on the Microsoft stack providing a national system for the citizen coupled with cross government data distribution.

Solidsoft first became involved in the project over 4 years ago when asked to support the then Office of the Deputy Prime Minister (now Cabinet Office) in providing architectural guidance to a small team considering how to make it easier for the citizen to report changes of circumstance to government. This team was part of the newly formed Tell Us Once initiative lead by Lyn MacDonald.

A prototype and a high successful  pilot later the green light was finally given to deliver the national system with the first phase going life September 2011. Of course this was not without a quite bumpy path not least when a change of government caused the freezing of all projects including Tell Us Once for a number months shortly after development had started in earnest!

Today over 300 councils are providing the service with over 2,500 customer interactions taking place each day! By April 2012 this will have risen to over 400 councils and over 3,500 transactions taking place each day.

The project is one of the first cross government, citizen facing successes for a long time. It was made possible by the partnership of DWP, the stack holders (councils and government departments), AtoS and Solidsoft.

Furthermore it is an exemplar of how SME’s like Solidsoft can work to deliver solutions across government with the help of large SI’s such as AtoS.

Over the coming months we will be looking at how this was achieved and where it should go next.

Tell Us Once–In the news

This morning the director of the Tell Us Once project, Lyn McDonald appeared on BBC Breakfast television to talk about the success that the launch of Tell Us Once is bringing to both central government and local government . Furthermore she also expressed the benefit that it is providing to the citizen. Through the rest of the morning the news around TUO is being presented by Lyn and Matt Briggs across radio and TV.

Tell Us Once is the major project Solidsoft have been developing on behalf of DWP.

Tell Us Once, a new service which takes on the responsibility from loved ones of notifying relevant government departments and services of a family bereavement and for a birth. The optional and free facility will be offered by council registrars to family members at the end of a death registration appointment or birth registration process.

The Tell Us Once Service will the share relevant details with a number of central and local government organisations, giving the bereaved or new parents a much simpler way of reporting a change to their family circumstances.

By March 2012 over 95% of councils will be online with TUO providing either bereavement, birth or both to their citizens.

Solidsoft have been involved with the project for over 4 years and have not only delivered the latest release but also provided a pilot project that ran for over 2 years in 44 councils prior to the latest full release.

 

TUO is one of the great successes in Government IT delivery and in the future will branch out to support both the  private sector and more changes of circumstance such as Change of Address.

Problem building BizTalk projects in TFS 2010

Dave Robinson – one of my Solidsoft Colleagues’ has recently been working with BizTalk 2009 and TFS 2010 and solved a number of issues. Dave writes:

I’ve been doing a bit of work building BizTalk 2009 projects with TFS build 2010. I’ve encountered a number of issues.

1. You get errors when trying to use the 64 bit versions of MSBuild to compile BizTalk Applications. The issue and fix are mentioned here

- http://rusteddev.wordpress.com/2010/06/15/build-biztalk-2010-beta-project-with-tfs-2010-use-x86-version-of-msbuild/

- Although the link is talking about BizTalk 2010, you get the same problems.

2. Some projects types will have problems resolving references to components, i.e. some types are referenced in both v2 and v4 of the .Net framework. This is down to a problem with BizTalk 2009/.Net 4 (which the BizTalk team need to produce a fix for) has problems with these so you need to perform the following workaround

- http://connect.microsoft.com/VisualStudio/feedback/details/529553/automated-build-of-biztalk-2009-project-fails-in-tfs-2010-beta-2-build-server

- I found that I got this problem for

• Any schema projects which referenced a common property schema that was using System.Xml
• Any orchestrations that were using System.Diagnostics
• Different scenarios may also show the same symptoms, but the fix is the same.

Case Study: Nationwide runs high-performing FPS

Nationwide, the world’s largest building society realised the benefits of Faster Payments with the help of Microsoft Services and interestingly enough a team of BizTalk experts from Solidsoft.

For a number of years Solidsoft has provided senior software consultants expert in Microsoft  BizTalk server and many other Microsoft products support of Microsoft Service led developments. The Nationwide project has proved no different with Solidsoft providing a team of 6 to support the successful development  of the Faster Payments system.

The case study can be viewed here: http://www.onwindows.com/Articles/Nationwide-runs-highperforming-FPS/5236/Default.aspx

Safari Extensions - Safari 5.0.1

Extensions are a great way for you to add new features to Safari 5.0.1. Built by developers, Safari Extensions use the latest HTML5, CSS3, and JavaScript web technologies. And they’re digitally signed and sandboxed for improved security. You can install extensions with one click — no need to restart Safari.

http://extensions.apple.com/#productivity

Tell Us Once

Sir David Varney headed a review into Transformational Government in 2006 . Among its recommendations was one particular one that had been driven by the amount of contact points a citizen had to make with government for a Change of Life event such as birth and death.

It gave one example of where a citizen had to make 44 separate contacts to government departments following the premature death of her husband.  At this emotional time, this kind of experience adds an unnecessary burden on the customer which is rightly seen as unacceptable.  The report's recommendations included developing a change of circumstances service starting with bereavement, birth and change of address by 2010, so that citizens didn't have to notify multiple public services. The Tell Us Once programme was setup shortly afterwards to investigate how to progress this recommendation.

‘Tell us Once’ is a major programme, being led by DWP on behalf Government as a whole, to transform the way in which people can tell Government (central and local) about changes to their circumstances. At its heart –as it says on the tin –is the proposition that people should only have to tell us things –like a birth or death –once and we will make sure that information reaches all the Government Departments and Agencies that need to know. That sounds an utterly obvious thing to do –and it is –but making it a reality is very challenging.” 

Sir Leigh Lewis, Permanent Secretary Department for Work and Pensions

Solidsoft have been involved with this project almost since the start so much so the work delivered in support of the Tell Us Once pilot has been recognised by Microsoft.  On the 23rd June it was announced Solidsoft had been selected as a finalist for the Microsoft Partner Awards in the Custom Development Solutions, Application Infrastructure Development Partner of the Year award category.

“It’s a pleasure and a privilege to receive this nomination, particularly in such a highly competitive field. The Solidsoft Tell Us Once Team has created a great Pathfinder Application for the United Kingdom, which both saves the taxpayer money and makes it easier for citizens to interact with their Government. Not only is the application a success in the eyes of Microsoft, the customer feedback on their experience has been outstanding. We look forward to continuing to deliver innovative solutions on the Microsoft Application Platform to both public and private sector customers.”

Solidsoft – www.solidsoft.com

Moving forward the Solidsoft Tell Us Once development team is delivering the full national solution to meet the Varney desire of having Tell Us Once in place for 2010.

This blog will track the progress of a Government IT project that delivers tangible results for the citizen.

WCF-SQL Notification issues

An interesting ‘rant’ by my fellow Solidsoft buddy Russell Smith:

Thought you chaps would be interested in this after hearing my rantings yesterday about the WCF-SQL adapter and notification issues.

I got to the bottom of the issue, it wasn’t the adapter in the end it was the database and not the adapter at all.  This was a database supplied by PICT that was restored onto my image.  Apparently in order for the notification mechanism to work there are some strict requirements on the database SET options and in the select queries that can be used.  I finally found a decent article at: http://msdn.microsoft.com/en-us/library/ms181122.aspx

A quick summary is that the DB must have the following options set:

• ANSI_NULLS ON
• ANSI_PADDING ON
• ANSI_WARNINGS ON
• CONCAT_NULL_YIELDS_NULL ON
• QUOTED_IDENTIFIER ON
• NUMERIC_ROUNDABORT OFF
• ARITHABORT ON

And the select statement must conform to:

• The projected columns in the SELECT statement must be explicitly stated, and table names must be qualified with two-part names. Notice that this means that all tables referenced in the statement must be in the same database.
• The statement may not use the asterisk (*) or table_name.* syntax to specify columns.
• The statement may not use unnamed columns or duplicate column names.
• The statement must reference a base table.
• The statement must not reference tables with computed columns.
• The projected columns in the SELECT statement may not contain aggregate expressions unless the statement uses a GROUP BY expression. When a GROUP BY expression is provided, the select list may contain the aggregate functions COUNT_BIG() or SUM(). However, SUM() may not be specified for a nullable column. The statement may not specify HAVING, CUBE, or ROLLUP.
• A projected column in the SELECT statement that is used as a simple expression must not appear more than once.
• The statement must not include PIVOT or UNPIVOT operators.
• The statement must not include the UNION, INTERSECT, or EXCEPT operators.
• The statement must not reference a view.
• The statement must not contain any of the following: DISTINCT, COMPUTE or COMPUTE BY, or INTO.
• The statement must not reference server global variables (@@variable_name).
• The statement must not reference derived tables, temporary tables, or table variables.
• The statement must not reference tables or views from other databases or servers.
• The statement must not contain subqueries, outer joins, or self-joins.
• The statement must not reference the large object types: text, ntext, and image.
• The statement must not use the CONTAINS or FREETEXT full-text predicates.
• The statement must not use rowset functions, including OPENROWSET and OPENQUERY.
• The statement must not use any of the following aggregate functions: AVG, COUNT(*), MAX, MIN, STDEV, STDEVP, VAR, or VARP.
• The statement must not use any nondeterministic functions, including ranking and windowing functions.
• The statement must not contain user-defined aggregates.
• The statement must not reference system tables or views, including catalog views and dynamic management views.
• The statement must not include FOR BROWSE information.
• The statement must not reference a queue.
• The statement must not contain conditional statements that cannot change and cannot return results (for example, WHERE 1=0).
• The statement can not specify READPAST locking hint.
• The statement must not reference any Service Broker QUEUE.
• The statement must not reference synonyms.
• The statement must not have comparison or expression based on double/real data types.
• The statement must not use the TOP expression.

I think however the main reason this is likely to be a no go in a production environment is the following permissions and alter statements also have to be run:

ALTER DATABASE [Biztalk_saafmdb] SET NEW_BROKER with rollback immediate

ALTER DATABASE [Biztalk_saafmdb] SET ENABLE_BROKER

CREATE MASTER KEY ENCRYPTION BY PASSWORD = 'password1#'

select is_broker_enabled from sys.databases where name = 'Biztalk_saafmdb'

use Biztalk_saafmdb

GRANT CREATE PROCEDURE TO [BTS2009-RUSSELL\BizTalk Application Users]

GRANT CREATE QUEUE TO [BTS2009-RUSSELL\BizTalk Application Users]

GRANT CREATE SERVICE TO [BTS2009-RUSSELL\BizTalk Application Users]

GRANT SUBSCRIBE QUERY NOTIFICATIONS TO [BTS2009-RUSSELL\BizTalk Application Users]

GRANT SELECT ON OBJECT::Biztalk_saafmdb.dbo.bts_MembersRetired TO [BTS2009-RUSSELL\BizTalk Application Users]

GRANT RECEIVE ON QueryNotificationErrorsQueue TO [BTS2009-RUSSELL\BizTalk Application Users]

And yes these permissions do need to be maintained at run time, there is a generated stored procedure that gets created on various events, not got to the bottom of this completely but it appears to be when the receive location is started and stopped. 

FIX: You experience various problems when you develop a BizTalk project that references another BizTalk project in Visual Studio on a computer that is running BizTalk Server 2009

If when developing BizTalk 2009 solutions (Orchestrations) and have split the schemas out into alternative assemblies (projects) – sometimes you’ll get odd not found issues with some (if not all) of the types in those referenced assemblies. Solution is this hot fix - http://support.microsoft.com/kb/977428/en-us  

Top 25 security issues for developers of web sites

Sourced from: CWE

This is a brief listing of the Top 25 items, using the general ranking.

NOTE: 16 other weaknesses were considered for inclusion in the Top 25, but their general scores were not high enough. They are listed in the On the Cusp focus profile.

[1] CWE-79
Failure to Preserve Web Page Structure ('Cross-site Scripting')

[2] CWE-89
Improper Sanitization of Special Elements used in an SQL Command ('SQL Injection')

[3] CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')

[4] CWE-352
Cross-Site Request Forgery (CSRF)

[5] CWE-285
Improper Access Control (Authorization)

 CWE-807
Reliance on Untrusted Inputs in a Security Decision

[7] CWE-22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

 CWE-434
Unrestricted Upload of File with Dangerous Type

[9] CWE-78
Improper Sanitization of Special Elements used in an OS Command ('OS Command Injection')

[10] CWE-311
Missing Encryption of Sensitive Data

[11] CWE-798
Use of Hard-coded Credentials

[12] CWE-805
Buffer Access with Incorrect Length Value

[13] CWE-98
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP File Inclusion')

[14] CWE-129
Improper Validation of Array Index

[15] CWE-754
Improper Check for Unusual or Exceptional Conditions

[16] CWE-209
Information Exposure Through an Error Message

[17] CWE-190
Integer Overflow or Wraparound

[18] CWE-131
Incorrect Calculation of Buffer Size

[19] CWE-306
Missing Authentication for Critical Function

[20] CWE-494
Download of Code Without Integrity Check

[21] CWE-732
Incorrect Permission Assignment for Critical Resource

[22] CWE-770
Allocation of Resources Without Limits or Throttling

[23] CWE-601
URL Redirection to Untrusted Site ('Open Redirect')

[24] CWE-327
Use of a Broken or Risky Cryptographic Algorithm

[25] CWE-362
Race Condition

Cross-site scripting and SQL injection are the 1-2 punch of security weaknesses in 2010. Even when a software package doesn't primarily run on the web, there's a good chance that it has a web-based management interface or HTML-based output formats that allow cross-site scripting. For data-rich software applications, SQL injection is the means to steal the keys to the kingdom. The classic buffer overflow comes in third, while more complex buffer overflow variants are sprinkled in the rest of the Top 25.

Hidden Windows 7 Wallpaper

To find the hidden wallpaper:

1. Type globalization in a search of your C: drive.
2. The only result should be a folder located in the main Windows directory, and you should only be able to see ELS and Sorting folders nested here.
3. Now search for MCT in the top-right search bar.
4. This will display five new unindexed folders, each corresponding to a different global region. Browse these folders for some extra themes and wallpapers specific to Australia, USA, South Africa, and Canada.

From here you can select a new wallpaper.

BizTalk Best Practice Analyzer v1.2 – BTS 06,06R2 + 09

BizTalk Best Practice Analyser is released and available for download.

Download: BizTalkBPA V1.2

As always another very handy tool is the Message Box Viewer (Currently V10) which provides some very detailed information as well.

Download: Message Box Viewer (MBV)

Enjoy your day,

Mick.

Read the complete post at http://blogs.breezetraining.com.au/mickb/2010/03/31/BizTalkBestPracticeAnalyzerV12BTS0606R209.aspx