Scott Hanselman

NuGet Package of the Week: ASP.NET Web API Caching with CacheCow and CacheOutput

June 27, '14 Comments [9] Posted in ASP.NET Web API | NuGet | NuGetPOW
Sponsored By

You can see other cool NuGet Packages I've mentioned on the blog here. Today's NuGet package is CacheCow, which has possibly the coolest Open Source Library name since Lawnchair.js.

image

"CacheCow is a library for implementing HTTP caching on both client and server in ASP.NET Web API. It uses message handlers on both client and server to intercept request and response and apply caching logic and rules."

CacheCow was started by Ali Kheyrollahi with help from Tugberk Ugurlu and the community, and is a fantastically useful piece of work. I wouldn't be surprised to see this library start showing in more places one day.

As an aside, Ali, this would be a great candidate for setting up a free AppVeyor Continuous Integration build along with a badge showing that the project is building and healthy!

CacheCow on the server can manage the cache in a number of ways. You can store it in SQL Server with the EntityTagStore, or implement your own storage handler. You can keep the cache in memcached, Redis, etc.

Consider using a library like CacheCow if you're putting together a Web API and haven't given sufficient thought to caching yet, or if you're already sprinkling cache code throughout your business logic. You might already suspect that is going to litter your code but perhaps haven't gotten around to tidying up. Now is a good time to unify your caching.

As a very simple example, here's the HTTP Headers from an HTTP GET to a Web API:

Cache-Control: no-cache
Content-Length: 19
Content-Type: application/json; charset=utf-8
Date: Fri, 27 Jun 2014 23:22:10 GMT
Expires: -1
Pragma: no-cache

Here's the same thing after adding the most basic caching to my ASP.NET applications config:

GlobalConfiguration.Configuration.MessageHandlers.Add(new CachingHandler(GlobalConfiguration.Configuration));

The HTTP Headers with the same GET with CacheCow enabled:

Cache-Control: no-transform, must-revalidate, max-age=0, private
Content-Length: 19
Content-Type: application/json; charset=utf-8
Date: Fri, 27 Jun 2014 23:24:16 GMT
ETag: W/"e1c5ab4f818f4cde9426c6b0824afe5b"
Last-Modified: Fri, 27 Jun 2014 23:24:16 GMT

Notice the Cache-Control header, the Last-Modified, and the ETag. The ETag is weak as indicted by "W/" which means that this response is semantically equivalent to the last response. If I was caching persistently, I could get a strong ETag indicating that the cached response was byte-for-byte identical. Also, if the client was smart about caching and added If-Modified-Since or If-None-Match for ETags, the response might be a 304 Not Modified, rather than a 200 OK. If you're going to add caching to your Web API server, you'll want to make sure your clients respect those headers fully!

From ALI's blog, you can still use HttpClient in your clients, but you use WebRequestHandler as the message handler:

HttpClient client = new HttpClient(new WebRequestHandler()
{
CachePolicy = new RequestCachePolicy(RequestCacheLevel.Default)
});
var httpResponseMessage = await client.GetAsync(http://superpoopy);

Really don't want a resource cached? Remember, this is HTTP so, Cache-Control: no-cache from the client!

Of course, one of the most important aspects of caching anything is "when do I invalidate the cache?" CacheCow gives you a lot control over this, but you really need to be aware of what your actual goal is or you'll find things cache you don't want, or things not cached that you do.

  • Are you looking for time-based caching? Cache for 5 min after a DB access?
  • Are you looking for smart caching that invalidates when it sees what could be a modification? Invalidate a collection after a POST/PUT/DELETE?

Given that you're likely using REST, you'll want to make sure that the semantics of these caching headers and their intent is reflected in your behavior. Last-Modified should reflect realty when possible.

From the CacheCow Wiki, there's great features for both the Server-side and Client-side. Here's CacheCow.Server features

  • Managing ETag, Last Modified, Expires and other cache related headers
  • Implementing returning Not-Modified 304 and precondition failed 412 responses for conditional calls
  • Invalidating cache in case of PUT, POST, PATCH and DELETE
  • Flexible resource organization. Rules can be defined so invalidation of a resource can invalidate linked resources

and the CacheCow.Client features

  • Caching GET responses according to their caching headers
  • Verifying cached items for their staleness
  • Validating cached items if must-revalidate parameter of Cache-Control header is set to true. It will use ETag or Expires whichever exists
  • Making conditional PUT for resources that are cached based on their ETag or expires header, whichever exists

Another good ASP.NET caching library to explore is ASP.NET Web API "CacheOutput" by Filip Wojcieszyn. While it doesn't have an fun to say name ;) it's got some great features and is super easy to get started with. You can find CacheOutput with NuGet at

Install-Package Strathweb.CacheOutput.WebApi2

And you'll configure your caching options using the intuitive CacheOutput attributes like those you may have seen in ASP.NET MVC:

[CacheOutput(ClientTimeSpan = 100, ServerTimeSpan = 100)]
public IEnumerable<string> Get()
{
return new string[] { "value1", "value2" };
}

ASP.NET Web API CacheOutput has great getting started docs and clear easy to ready code.

So, you've got options. Go explore!

You can also pickup the Pro ASP.NET Web API book at Amazon. Go explore CacheCow or CacheOutput and support open source! If you find issues or feel there's work to be done in the documentation, why not do it and submit a pull request? I'm sure any project would appreciate some help with updated samples, quickstarts, or better docs.


Sponsor: Many thanks to our friends at Octopus Deploy for sponsoring the feed this week. Did you know that NuGet.org deploys with Octopus? Using NuGet and powerful conventions, Octopus Deploy makes it easy to automate releases of ASP.NET applications and Windows Services. Say goodbye to remote desktop and start automating today!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

NuGet Package of the Week: ImageProcessor - lightweight image manipulation in C#

May 21, '14 Comments [39] Posted in NuGet | NuGetPOW
Sponsored By

I really enjoy image manipulation in code. Sure, resizing photos is fun in Photoshop, but there's something viscerally enjoyable when you change images with your own code.

I've talked about image resizing libraries like ImageResizer before, but there's certainly room for more than one. Today I want to showcase ImageProcessor, an open source "collection of lightweight libraries written in C# that allows you to manipulate images on-the-fly using .NET 4+." ImageProcessor is available on GitHub.

ImageProcessor

ImageProcessor methods include; Resize, Rotate, Rounded Corners, Flip, Crop, Watermark, Filter, Saturation, Brightness, Contrast, Quality, Format, Vignette, Gaussian Blur, Gaussian Sharpen, and Transparency.

ImageProcessor has a notable number of configuration options for web apps, and a supporting ImageProcessor.Web package as well. It's an impressive body of work.

I like this simple example of loading, resizing, and saving an image with their fluent API:

// Read a file and resize it.
byte[] photoBytes = File.ReadAllBytes(file);
int quality = 70;
ImageFormat format = ImageFormat.Jpeg;
Size size = new Size(150, 0)

using (MemoryStream inStream = new MemoryStream(photoBytes))
{
using (MemoryStream outStream = new MemoryStream())
{
using (ImageFactory imageFactory = new ImageFactory())
{
// Load, resize, set the format and quality and save an image.
imageFactory.Load(inStream)
.Resize(size)
.Format(format)
.Quality(quality)
.Save(outStream);
}

// Do something with the stream.
}
}

You can easily chain functions with the API, like tinting and constraning:

imageFactory.Load(inStream)
.Constrain(size)
.Tint(Color.FromArgb(255, 106, 166, 204))
.Format(format)
.Save(outStream);

When you add ImageProcessor.Web it adds caching that takes pressure off your web servers. You can easily add HttpHandlers to watermark an image, for example, and cache the result.

This is a library that has as a lot of potential. Since it's open source, I'm sure they'd appreciate help from the community! Personally, I think they could use more Unit Tests and more examples.

Head over to https://github.com/JimBobSquarePants/ImageProcessor and star this project! Get involved, file issues, and contribute! http://imageprocessor.org/

Related Links


Sponsor: Many thanks to Izenda for sponsoring the blog feed this week. Please do check out their Intuitive Ad Hoc Reporting with Stunning Visualizations - Embed real time dashboards into your ASP.NET applications for easy, custom reports across all devices. Download a FREE TRIAL of Izenda Today!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

NuGet Package of the Week: Canopy Web Testing Framework with F#

March 25, '14 Comments [18] Posted in NuGet | NuGetPOW | Open Source
Sponsored By

I've been exploring Automated Browser Testing recently, and also checking out F# for unrelated reasons. However, when you combine the two you end up with "canopy." Canopy is a "f#rictionless web testing" framework that combines the flexibility of Selenium with the clean look of the F# language. F# is much terser (more elegant, even) than C#, and is garnering the interest of a lot of the .NET Open Source community. Folks are creating cool domain specific languages of their own using F# as the base.

You already have F# and perhaps didn't realize you did! If you don't, there's lots of ways to get F# for free. You can use F# for free with VS2013 Desktop Express plus Visual F# Tools 3.1.1.

F# is open source and cross platform, running on Linux, Mac OS X, Android, iOS, Windows as well as HTML5 and GPUs. F# is free to use and has an OSI-approved open source license.

Even if you don't feel like installing anything, you can learn and play with F# in your browser now! Check out http://www.tryfsharp.org 

Also check out FunScript, which is F# to JavaScript! Don't believe them? Try Pacman using F# and JavaScript with source!

image

Anyway, back to Canopy. Make a new Console app and NuGet in the canopy package:

image

The NuGet package will bring in Selenium as a dependency.

Then, try out their "Hello World" web testing sample, that I've also pasted here.

//these are similar to C# using statements
open canopy
open runner
open System

//start an instance of the firefox browser
start firefox

//this is how you define a test
"taking canopy for a spin" &&& fun _ ->
//this is an F# function body, it's whitespace enforced

//go to url
url "http://lefthandedgoat.github.io/canopy/testpages/"

//assert that the element with an id of 'welcome' has
//the text 'Welcome'
"#welcome" == "Welcome"

//assert that the element with an id of 'firstName' has the value 'John'
"#firstName" == "John"

//change the value of element with
//an id of 'firstName' to 'Something Else'
"#firstName" << "Something Else"

//verify another element's value, click a button,
//verify the element is updated
"#button_clicked" == "button not clicked"
click "#button"
"#button_clicked" == "button clicked"

//run all tests
run()

System.Console.WriteLine("press [enter] to exit")
System.Console.ReadLine() |> ignore

quit()

And boom, it just works. You can run this .NET application just like any other. .NET apps are .NET apps, as they say. It doesn't matter what language it's written in. When (if) you distribute this application you'd just include the contents of your Debug folder. No need to "install" F# or anything on the target machine.

image

You can do all sorts of Selenium testing with canopy, like:

//start a bunch of browsers and switch around
start firefox
let mainBrowser = browser
start chrome
let secondBrowser = browser
//switch back to mainBrowser after opening secondBrowser
switchTo mainBrowser

//take screenshots
let path = Environment.GetFolderPath(Environment.SpecialFolder.ApplicationData) + @"\canopy\"
let filename = DateTime.Now.ToString("MMM-d_HH-mm-ss-fff")
screenshot path filename

//get an element
element "#firstName" |> someParent

//press buttons
press tab
press enter
press down
press up
press left
press right

//check and click things
check "#yes"
click "#login"

//or even drag things!
drag ".todo" ".inprogress"

Oh, and by the way, the canopy library builds itself using FAKE, the F# Build System we talked about last week! Go check these projects out and offer to help or support them. There's a lot of interesting open source happening in the .NET space lately that may have been flying under your radar.

Related Links

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

NuGet Package of the Week: FluentAutomation for automated testing of Web Applications

March 4, '14 Comments [25] Posted in NuGet | NuGetPOW | Open Source
Sponsored By

FluentAutomation starting a testLast week I was exploring today's varied choices we have for Automated Browser Testing. There's headless WebKit "browsers" like PhantomJS and cloud powered multi-browser testing tools like BrowserStack and SauceLabs.

Selenium is kind of the gold standard and offers not only a lot of "drivers" but also a lot of language bindings with which drive a browser. Sometimes browsers update so fast there can be some version incompatibilities with Selenium, but for the most part it works great once you've settled in.

One option I've been looking at is FluentAutomation. It's a fluent automation API that supports Selenium as well as WatiN along with all their flavors and drivers. Since Fluient supports Selenium, that means you can use the Selenium ChromeDriver, IEDriver, Remote Web Driver or even the headless PhantomJS. FluentAutomation is on GitHub, of course, as well as on NuGet.

FluentAutomation has great (and growing) documentation and has adopted and interesting fluent style for it's API.

Now, not everyone likes a "fluent" API so it may take a while to get used to. Often you'll be doing things over many lines when it's really just one line, for example, this is one line:

I.Open("http://automation.apphb.com/forms")
.Select("Motorcycles").From(".liveExample tr select:eq(0)")
.Select(2).From(".liveExample tr select:eq(1)")
.Enter(6).In(".liveExample td.quantity input:eq(0)")
.Expect
.Text("$197.72").In(".liveExample tr span:eq(1)")
.Value(6).In(".liveExample td.quantity input:eq(0)");

Notice the method chaining as well as the use of CSS selectors.

FluentAutomation also has the cool concept of a PageObject to take your potentially brittle scripts and give them more structure. PageObjects group your actions, expectations, and assertions and let you reuse code when a page appears in multiple tests.

For example you could have a high level test (this is XUnit, but you can use whatever you want):

public class SampleTest : FluentTest {
public SampleTest() {
SeleniumWebDriver.Bootstrap(SeleniumWebDriver.Browser.Chrome);
}

[Fact]
public void SearchForFluentAutomation() {
new BingSearchPage(this)
.Go()
.Search("FluentAutomation")
.FindResultUrl("http://fluent.stirno.com/blog/FluentAutomation-scriptcs/");
}
}

Then you can have separate PageObjects that have your own public methods specific to that page, as well as assertions you can reuse.

public class BingSearchPage : PageObject<BingSearchPage> {
public BingSearchPage(FluentTest test) : base(test) {
Url = "http://bing.com/";
At = () => I.Expect.Exists(SearchInput);
}

public BingSearchResultsPage Search(string searchText) {
I.Enter(searchText).In(SearchInput);
I.Press("{ENTER}");
return this.Switch<BingSearchResultsPage>();
}

private const string SearchInput = "input[title='Enter your search term']";
}

public class BingSearchResultsPage : PageObject<BingSearchResultsPage> {
public BingSearchResultsPage(FluentTest test) : base(test) {
At = () => I.Expect.Exists(SearchResultsContainer);
}

public BingSearchResultsPage FindResultUrl(string url) {
I.Expect.Exists(string.Format(ResultUrlLink, url));
return this;
}

private const string SearchResultsContainer = "#b_results";
private const string ResultUrlLink = "a[href='{0}']";
}

You don't have to be all structure and OO if you don't want. You can just as easily write scripts with FluentAutomation and head in a different direction.

FluentAutomation along with ScriptCS = Automating your Browser with C# Script

I've usually used Python with my Selenium scripts. I like being able to just make a text file and start scripting, then run, debug, continue, all from the command line. It feels simple and lightweight. Creating a DLL and running Unit Tests in C# usually comes later, as I can move faster with a "scripting language."

You can do that with ScriptsCS as it gives you project-less C# that effectively is C# as scripting language. Combine this with FluentAutomation and you've potentially got the best of both worlds.

To install, first you need the Windows apt-get open source equivalent, the oddly-named and -spelled Chocolatey. Then you get ScriptCS and the packages for FluentAutomation.

  • Install Chocolatey - one line installation here
  • Run "cinst ScriptCS" from your command line to use Chocolatey to install ScriptCS
  • Now, get the ScriptCS script packages for FluentAutomation like this:
    • scriptcs -install FluentAutomation.SeleniumWebDriver
    • scriptcs -install ScriptCs.FluentAutomation

Now, as a quick test, create a folder and put a text file called start.csx in it with just these contents:

var Test = Require<F14N>()
.Init<FluentAutomation.SeleniumWebDriver>()
.Bootstrap("Chrome")
.Config(settings => {
// Easy access to FluentAutomation.Settings values
settings.DefaultWaitUntilTimeout = TimeSpan.FromSeconds(1);
});

Test.Run("Hello Google", I => {
I.Open(http://google.com);
});

Notice how there's no namespace, no classes, no main. It's just a script, except it's using C#. You can change the "Chrome" to "IE" or "Firefox" as well, to play around.

Random: I love this Selenium feature, exposed by FluentAutomation...take screenshot!

// Take Screenshot
I.TakeScreenshot("LoginScreen");

If you don't want ScriptCS, while it can act as a REPL itself, there is also the start of a dedicated FluentAutomation REPL (read–eval–print loop). This is basically a command prompt that lets you explore you app interactively and facilitates building your scripts. You can get the Repl as a Chocolatey package as well and just "cinst FluentAutomation.Repl"

You've got LOTS of choices in the world of automated testing. There's so many choices that there's just no good excuse. Pick a library, pick a language, and start automating your web app today.

Related Links


Sponsor: Big thanks to ComponentOne, a division of GrapeCity, for sponsoring the blog this week. Their widely popular .NET control suite, Studio Enterprise contains hundreds of data and UI controls such as grids, charts and reports that offer the functionality, features and support you need for current and future application development. Download your trial today!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web

Is the Windows user ready for apt-get?

May 28, '13 Comments [88] Posted in NuGet | Open Source | Tools
Sponsored By
Chocolatey installs Git

What it does

Chocolatey lets you install Windows applications quickly from the command line via a central catalog of installation scripts. You could install Git, 7Zip or even Microsoft Office (given a key.) The idea is seamless and quiet installations using a well-known key.

For example, once installed you can do this from and command line:

  • cinst git
  • cinst 7zip
  • cinst ruby
  • cinst vlc

That's basically it.

The catalog has grown so complete, in fact, that I recently wanted to install DosBox so I could play Zork. I took and chance and just "cinst dosbox" and it worked. THAT is a the promise that Chocolatey makes.

Getting Started with Chocolatey

You can get started by first installing the Chocolatey package manager. Copy paste this line to your command line and run it. (More on the fearfulness of this first step in a moment).

@powershell -NoProfile -ExecutionPolicy unrestricted -Command "iex ((new-object net.webclient).DownloadString('https://chocolatey.org/install.ps1'))" && SET PATH=%PATH%;%systemdrive%\chocolatey\bin

Presumably you like to know what command line stuff is going to do to your computer before you do it, so parse this line out. It's going to launch PowerShell to do the hard work. Nearly every Windows machine has PowerShell these days, and it's PowerShell that makes Chocolatey work.

Some folks have custom profiles so the -NoProfile switch suppresses custom profiles to prevent conflicts during installation. It launches a chunk of PowerShell script that it downloads from https://chocolatey.org/install.ps1/ then executes. Note that it's setting execution policy to unrestricted to do this. To be clear, it's executing code downloaded over the web, so there is a non-zero risk there. It then adds Chocolatey to your path (for this one prompt) so you can use it immediately. It'll be added to future instances of prompts automatically.

Look at https://chocolatey.org/install.ps1 now. It's a very clean and easy to read script. It downloads the Chocolatey installation zip file (which is actually a NuGet package), unzips it and continues the installation by running a scripts in the tools section of the package.

How it works

Chocolatey is a bootstrapper that uses PowerShell scripts and the NuGet packaging format to install apps for you. NuGet is the package management system that Windows Developers use to bring libraries down at the project level. Chocolatey (get it? Chocolatey Nu-Get?) extends that concept to bring applications down at the system level.

Today if you want to get 7Zip, you usually google for it, find the site, figure out the latest version or right version for your system, download it, run it, next next next finish and maybe add it to your path. Chocolatey does that for you.

Again, NuGet is libraries installed locally for projects, Chocolatey is applications installed globally for your whole system.

Chocolatey uses PowerShell scripts (that you never have to think about) that package developers use to chain installations and build dependency trees. Take the internals of a Git installation script for example:

try {
Install-ChocolateyPackage 'git.install' 'exe' '/VERYSILENT' 'http://msysgit.googlecode.com/files/Git-1.8.1.2-preview20130201.exe'

#------- ADDITIONAL SETUP -------#
$is64bit = (Get-WmiObject Win32_Processor).AddressWidth -eq 64
$programFiles = $env:programfiles
if ($is64bit) {$programFiles = ${env:ProgramFiles(x86)}}
$gitPath = Join-Path $programFiles 'Git\cmd'

Install-ChocolateyPath $gitPath 'user'

@"

Making GIT core.autocrlf false
"@ | Write-Host

#make GIT core.autocrlf false
& "$env:comspec" '/c git config --global core.autocrlf false'

Write-ChocolateySuccess 'git.install'
} catch {
Write-ChocolateyFailure 'git.install' $($_.Exception.Message)
throw
}

The most important part for you to take away here is the first line. Note that this Chocolatey script is downloading Git from the mSysGit Site. Chocolatey is not changing installers, making installers or hosting installers. It's automating the boring parts of getting software, but it's still getting that software from the same location as always.

Advanced Stuff

Once you learn the basics - and they're pretty basic - there's more depth to Chocolatey to explore. Beyond the cinst and cuninst there's other commands to make installing stuff on Windows easier. Remember, they're all in your PATH so you can call these commands anytime.

Each of these major sources can be called with cinst using the -source parameter like "cinst IISExpress - source WebPI" or using their own aliases for simplicity as shown below.

  • cwindowsfeatures - If you've ever opened Add/Remove programs then click Install Windows Features in order to setup IIS or Hyper-V then this command is for you. Some examples:
    • cwindowsfeatures  IIS-WebServerRole
    • cwindowsfeatures Microsoft-Hyper-V-All
    • cwindowsfeatures TelnetClient
      • Plus, you can always clist -source windowsfeatures for the complete list.
  • cwebpi - The Web Platform Installer is a great GUI for downloading any development tools you might need for Web Development on Windows. It's a catalog, an installer, and a chainer. There's also a command-line version of WebPI that Chocolatey integrates with so you can:
    • cwebpi IISExpress
    • cwebpi VWDOrVs11AzurePack_2_0
      • And again, clist -source webpi gets you a list of what you can do.

There's a more complete list at the Chocolatey Commands Reference including how it integrates with Cygwin, Gems and Python.

Security Issues

nugetlogoThis is a prickly one. How do you make a system that lets you install anything directly from the Internet quickly, cleanly, and easily without, well, installing something evil directly from the Internet? You'll want the communication with the server to be secure and the packages trusted, but you'll also want to make sure the packages haven't been tampered with since they were uploaded. There's the inevitable threat of a man-in-the-middle attack. You'll want to watch for malicious packages and enable quick takedowns if one sneaks by.

Security concerns aren't unique to Chocolatey, of course. They are a part of package repositories since their inception. The node npm repository had a security breach in March of 2012, and the folks at andyet explored the issues surrounding it, but also pointed out that personal responsibility has to have a role as well.

Linux's apt-get solves much of this with appropriate uses of cryptography and best practices that can (and should) be emulated. Packages in apt repos are signed with SecureApp, there are warnings if you're using a 3rd party repo or installing an unsigned package.

The Chocolatey team has been very quick to jump on security issues and they are very approachable. They've added SSL where appropriate and are aware of the work to come. If Chocolatey gets big (bandwidth and costs is a question in my mind) perhaps a non-profit organization would step in to help with not only costs, but also security audits and best practices.

Here's some points (edited for length by me) from a post from Chocolatey's lead, Rob in a post on their mailing list, also in march of 2012:

Security has a big future aspect of chocolatey. At the present I am the curator and I every day I get an email showing me all of the new packages that went in the day before. I look at all packages from new authors and I typically look at the first version of most new packages from authors I have good contacts with.

I've talked at length with others about having a moderated feed in the aspect of every package, every new version would be approved prior to showing up on the main feed. I am paying attention to how debian does things with multiple feeds and there are thoughts to move in that direction as well.

Security? In the future we are looking at a small group of folks be an approving body for nupkgs. We also talked about showing the hash for the nupkg, and possibly letting folks specify a hash for the installers so chocolatey can verify the things it downloads prior to execution.

Chocolatey's LIB folderCould I make a Chocolatey package called "FormatMyHardDrive?" Sure I could, just like I could ask you to open an admin prompt and format c: /q, but you won't, right? ;)

What's next?

Chocolatey is clearly not meant to be used by your "Gender Non-Specific Non-Technical Parent" and it does have some "competition" in the form of the Ninite GUI installation utility. While still not for the average Joe/Jane and having only a limited catalog, Ninite does fill a gap for the super-user to quickly get the common apps and utilities they want.

Additionally, is Chocolatey really apt-get? It's not installing libraries system-wide, although there's no reason it couldn't. Other open source projects like CoApp would like to be the Windows app-get although CoApp is more of a "system-wide libraries, C++ support, and Unix-like utilities" and Chocolatey is more of a "developer and poweruser utilities and their dependencies."

Chocolatey does install dependencies and you can see that happen yourself by trying out "cinst gitextensions" which itself has a dependency on git. Chocolatey will walk the graph and install what it needs before finally installing gitextensions.

Where Chocolatey, and ultimately Windows itself, falls down is with odd PATHing and install locations. Because Windows doesn't have formal install locations for things and because Chocolatey puts itself first in the PATH, it's possible to get one's self into odd situations where apps that were installed outside of Chocolatey don't line up with apps installed inside. For example, I installed Git with Chocolatey some months ago, then forgot about that version and installed a newer version of Git on my own. However, I kept hitting an old git bug because the Chocolatey version of Git was "first." I believe issues like this have changed with recent builds of Chocolatey, but the point remains: it's hard on Windows today to who installed what low-level utility, when, and where it ended up.

Branding

Now, by no means to I want to take away from the hard work done by Rob and the team, but (and I've said this to Rob before) I really have trouble getting past the name Chocolatey. Sure, there are two ways to spell "Chocolaty," which make it hard at least for me to type "Chocolatey" reliably. The -ey is a theoretically a valid variant spelling, but you can tell that that to the red squiggled underline in Word. But it's less the spelling and more the name itself. It lacks the nerdiness of an "npm," the gravitas of an "apt-get," or the poetic terseness of a "gem."  I realize that we are living in a world with companies called Hulu, Yahoo, Microsoft (seriously, MICRO SOFT, what is that?) and Google, but it's worth pointing out that a good name can really take a project to the next level. I'm not sure Chocolatey is the right name for this project, but that's 100% my opinion.

I encourage you, technical reader, to check out Chocolatey for yourself! It's a powerful tool, an engaged and growing community and an interesting piece of tech in its own right.

Is Chocolatey the apt-get Windows users have been waiting for? Sound off in the comments.


Sponsor: Big thanks to SoftFluent for sponsoring the feed this week! Check out their slick code generation tools: Less Plumbing, More Productivity! Generate rock-solid foundations for your .NET applications from Visual Studio and focus on what matters!

About Scott

Scott Hanselman is a former professor, former Chief Architect in finance, now speaker, consultant, father, diabetic, and Microsoft employee. He is a failed stand-up comic, a cornrower, and a book author.

facebook twitter subscribe
About   Newsletter
Sponsored By
Hosting By
Dedicated Windows Server Hosting by ORCS Web
Page 1 of 7 in the NuGet category Next Page

Disclaimer: The opinions expressed herein are my own personal opinions and do not represent my employer's view in any way.