DotNetNuke 4.5.4 introduced native support for SSL in the DotNetNuke framework.  During the testing phase and since it's release there has been some discussion (here, here and here) about the efficiency of the DotNetNuke implementation when shifting from http to https and vice versa.  It has been suggested that using Javascript, like that shown below, is much more efficient when performing the redirect. 

<script type="text/javascript">    if(location.protocol.toLowerCase() =='http:' &&         location.href.toLowerCase().indexOf('login') > -1 )               location.href = location.href.replace('http:','https:');    if(location.protocol.toLowerCase() =='https:' &&          location.href.toLowerCase().indexOf('login') == -1 )             location.href = location.href.replace('https:','http:');             </script>

So let's analyze the two methods to determine the best approach.  We'll begin by viewing the sequence diagrams for both implementations:

 

In both approaches we see that there are three request/response round-trips to the server.  There are primarily 2 differences that are visible in the sequence diagrams:  1) the second round trip results in a normal page return for the javascript method while a 302 redirect is performed for the DotNetNuke implementation 2)  the final login page includes extra javascript in the javascript version versus not requiring javascript for the DotNetNuke implementation.

Just based on the sequence diagrams I would conclude that the DotNetNuke implementation is more efficient.  In the second step, the javascript version would have to return an entire webpage in order to get the javascript to perform redirect to the HTTPS protocol, while the DotNetNuke version uses a 302 redirect which is much more efficient.  The 302 redirect allows the browser to bypass all page parsing and immediately begin loading the correct page, while the javascript approach necessitates that the page get parsed, the images downloaded and some javascript get executed.  Not only is the page handling slower in the javascript method, but you also have the extra overhead for the full page being transmitted from the server to the browser.  Finally, because the server had to return the complete page for the javascript approach, it means that it would need to go through the entire ASP.Net page lifecycle to build up the login page, even though the browser is just going to perform a redirect once it receives the page.  By using the 302 redirect method, we can detect very early in the ASP.Net pipeline that we will need a redirect and therefore can short circuit the rest of the page processing and instead just return a redirect.

Instead of just relying on the sequence diagrams let's look at the actual web-traffic for further evidence of the better approach.  We are going to just look at the raw request/response cycles for the web-pages and will ignore any javascript, css or image requests since those will likely be coming from the local cache and should be exactly the same for the two approaches.  The javascript method was implemented by adding the javascript to the skin and did not require creating a custom login page.  The DotNetNuke method required the creation of a custom login page and setting the "secure" property on the page settings.  The raw requests and responses were collected using IEWatch and the raw results were saved as xml files.  I have linked to the files below, but have removed cookies and postdata headers in order to simplify the xml and to hide any potentially sensitive information.

Table 1:  SSL redirect using Javascript (download the raw http log)

Duration (seconds)	Method	URL	Result	Size (bytes)
0.096	POST	http://localhost/dotnetnuke_2/default.aspx	302	46,365
0.092	GET	http://localhost/dotnetnuke_2/Home/tabid/36/ctl/Login/Default.aspx?returnurl=%2fdotnetnuke_2%2fdefault.aspx	200	23,124
0.207	GET	https://localhost/dotnetnuke_2/Home/tabid/36/ctl/Login/Default.aspx?returnurl=%2fdotnetnuke_2%2fdefault.aspx	200	23,129

Table 2:  DotNetNuke SSL redirect (download the raw http log)

Duration (seconds)	Method	URL	Result	Size (bytes)
0.041	POST	http://localhost/dotnetnuke_2/Home/tabid/36/Default.aspx	302	46,520
0.009	GET	http://localhost/dotnetnuke_2/SecureLogin/tabid/54/Default.aspx?returnurl=%2fdotnetnuke_2%2fHome%2ftabid%2f36%2fDefault.aspx	302	242
0.092	GET	https://localhost/dotnetnuke_2/SecureLogin/tabid/54/Default.aspx?returnurl=%2fdotnetnuke_2%2fHome%2ftabid%2f36%2fDefault.aspx	200	24,452

The results of the actual HTTP analysis confirmed what I concluded from the sequence diagram.  The Javascript method is less efficient than using the built in DotNetNuke implementation.  Not only can you look at the size of the response page for the second request, but you can look at the speed of the response for the second request as well.

While DotNetNuke has not always made the best architectural choice for every feature, I think we can conclude in this case that the DotNetNuke implementation is actually very efficient.  I think this issue also shows why it is important to do your own analysis when someone makes a claim about DotNetNuke.  The DotNetNuke team is not perfect and we are always looking for ways to improve the platform, however, we try to be pretty diligent about testing claims to make sure we are not making the problem worse.  In this case I think we did our homework pretty well and have a good implementation that handles the most common use cases for SSL in the most efficient manner that we are aware of.

 

Over the last four years DotNetNuke has experienced tremendous growth and adoption.  We have added more features to the core and grown the project teams to the point where there are now more than 45 people actively working on one DNN project or another.  At the same time we have also grown the programs around the project that help fund DotNetNuke and provide support to the community - programs like the Benefactor Program, the Review Program, the MarketPlace and the upcoming OpenForce Conferences.

The downside to all of this growth is that the processes that worked for our 1.x releases are no longer adequate.  Our current release processes are not optimal for the project as it exists today.  Over the last year, we spent a lot of time fine tuning our release processes for modules.  We have not given this same level of scrutiny to the processes we use for the core releases.  That is changing.  We recently started working on formalizing the processes we use for core releases.  These process will cover the entire development cycle from requirements gathering through release.  The processes will detail the tools we use and the manual steps that must occur throughout the development cycle.

One of the projects biggest challenges over the last couple of years has been communications.  This is especially challenging with respect to project releases.  Until the processes and tools are in place to manage the release then we will not fully solve the communication issues.  It is not as simple as saying post release information "here".  You have to identify the information to be posted and then find out who has the information.  It does not always reside in a single location.  What is the status of DNN today?  If you asked that question of every member of the DNN core team you would likely get completely different answers.   This is why answering a question like "When will DNN be released?" is not currently possible.  Nobody has the entire picture to be able to adequately answer the question.  We do not have a method in place to bring all of the various pieces of data together in order to get a snapshot of where DNN stands in terms of our current status.  What bugs have been found in testing?  Have we had enough testing?  Are these existing bugs or are they regression issues?  Do we need to go back and fix code for a feature/enhancement/bugfix that introduced new problems or that didn't properly correct the previous issues?  Even once coding is done, we need to determine if the code has been dogfooded and if the new release package has been built.  Have our marketing items (press releases, blog posts, newsletter) been created?  Is the documentation up to date.  Currently, there is no person on the team, not even Shaun, who has the answer to all these questions at any given point in time.  The result of all of this is that determining the release date is so difficult which means we often don't adequately communicate the project release status to the community.

 One of my many project tasks is to straighten out these processes and get the tools in place so that we have a unified view of the project that will allow us to consolidate all of the information in a single place, thus making status determinations possible.  Over the next 6 months or so we will be making small incremental changes that will be immediately visible to the community (some of those changes will be directed at the testing group and will not generally be visible to then entire community).  Prior to starting work on the 4.5.4 release, we added a roadmap module to allow the community to vote on the implementation priorities for roadmap items.  For the 4.5.4 release we started using a new test tracking module to determine the level of testing that is occurring.  Following the 4.5.4 release, we updated the downloads page to make the change log more visible and have added a new timeline to the release schedule page so that the community can better see the anticipated release schedule.  We are also planning on implementing the release tracker that we have been using for the various projects.  These items are not currently in their final forms but will provide us a good foundation in order to get community feedback.  Eventually all of these items will grow into a set of modules that will provide us the necessary tools to manage our entire release process and provide the appropriate visibility into the project status for the community.

The release process is an important part of the project that has been neglected over the last four years.  We are aware of the shortcomings and realize that it will take a concerted effort over the next several months to get a more formal process in place that adequately addresses the needs of the project and the community while also recognizing that the process must remain flexible.  We have taken some small steps so far and have many more steps to go before we are satisfied.  Implementing the new processes will not occur without some growing pains but we believe that the end results will be worth the effort. 

One of the hallmarks of every successful Open Source project is constant change.  Over the life of the project, the code grows and changes based on the needs of the community.  The team and the way it is organized changes to accommodate the needs of the project.  The same should be true of the processes used for developing the code and managing the project.  This has certainly been the case with DotNetNuke and something that we should keep in mind as we develop the new release processes.  While we will eventually achieve stability in our processes, we need to be constantly evaluating those processes to ensure that they continue to meet our needs and we have to be more willing in the future to change those processes as soon as they become outdated rather than waiting as long as we did this first time. 

The DotNetNuke OpenForce '07 Conferences are getting closer and we need your help.  Did he just say "conferences"?  Yes he did.  I am happy to confirm that we are working with the Software Developer Network to co-host the DotNetNuke OpenForce Europe '07 conference.  This conference will expand on the DotNetNuke track for the Software Developer Conference which began with last years SDC event.  We think that this extra conference will help serve those European developers who will not be able to attend the OpenForce '07 conference in Las Vegas.

In order to help make both of these events a success and to ensure that we will be able to continue hosting these events, we need you to help get the word out. Below are the badges Nik Kalyani created for the conferences. While you're adding the badges to your blogs and websites, checkout the OpenForce website.

OpenForce '07 Badges	OpenForce Europe '07 Badges
Attendees
111 days, 12 hours 40 mins	62 days, 2 hours 40 mins
<script type="text/javascript" src="http://www.openforce07.com/portals/0/badges/OFUSBadge.js" mce_src="http://www.openforce07.com/portals/0/badges/OFUSBadge.js"></script>	<script type="text/javascript" src="http://www.openforce07.com/portals/0/badges/OFEUBadge.js" mce_src="http://www.openforce07.com/portals/0/badges/OFEUBadge.js"></script>
Non-Attendees
<script type="text/javascript" src="http://www.openforce07.com/portals/0/badges/OFUSBadge.js?discover" mce_src="http://www.openforce07.com/portals/0/badges/OFUSBadge.js?discover"></script>	<script type="text/javascript" src="http://www.openforce07.com/portals/0/badges/OFEUBadge.js?discover" mce_src="http://www.openforce07.com/portals/0/badges/OFEUBadge.js?discover"></script>

With the addition of the OpenForce Europe event, we will now have world class DotNetNuke conferences available in everyone's backyard. Maybe next year we can expand the conferences to include an event in Austrailia

It seems that I am seeing more and more discussion around what constitutes Open Source software and Open Source projects.  Not only do you have the Free Software group who follow the Richard Stallman philosophy and the Open Source group who fall more into the Eric Raymond camp, but lately though you have a number of people for whom purity is defined not just by how closely your code adheres to the Open Source or Free Software definitions but also by how closely your project follows The Bazaar development methodology.  For people in this camp Open Source did not truly exist before Linus started Linux. 

In his post on Defining Open Source, Jeff Atwood lays out the requirements for a project to participate in his program to support .Net Open Source projects.  In defining Open Source Jeff tries to distinguish between projects that merely pay lip service to open source but that don't truly supporting the tenets of Open Source.  Jay Wren in his follow up post, Re: Defining Open Source, tries to make the point that to be Open Source means that every part of your development process needs to be totally transparent and open to the public.

In a nutshell, Jeff and Jay's arguments go something like this:  If you do not allow unfettered access to the source code and nightly builds then you are somehow not truly an open source project.  To be really pure you must accept code from everybody and their brother and give the whole world access to all of your projects communication channels.

I say this is a bunch of rubbish.  Neither the Free Software nor Open Source definitions make any distinction with regard to the actual development methodology.  They are both clearly focused on the software and the license under which it is distributed.  They are basically a backlash against the restrictions which are imposed by many software licenses and are an effort to remove restrictions which would prevent a user from gaining the most benefit from your software.  I invite you to look through both the GNU and OSI sites for yourselves.  You may run across several statements mentioning the benefits of a massively distributed development model, but nowhere that I can find is that development model tied to the concept of free or open source software.  So let's look at what Jeff and Jay are saying here and why I think it is wrong to set such requirements to be considered Open Source. 

The FOSS movement is a philosophy that tries to do away with many of the bad licensing practices that have been around since the early days of computers and that were exacerbated with the rise of the personal computer.  These licenses were including more and more onerous terms which were slowly limiting consumers abilities to use the software.  Often users would not understand the full import of a license term until they were embroiled in a mess like the one in which Jaime Cansdale currently finds himself.  To counter these practices Richard Stallman created the GPL and started the Free Software Foundation.  His goals were simple - to remove the barriers to use from the software.  To give users back the freedoms which he feels were unfairly restricted under copyright laws.

Some people found that the term Free Software and some of the principles that Richard was espousing, were too radical to be accepted by business.  Since many projects are typically designed for business use, they felt it was important that business not be turned off by the stigma associated with "free" software.  Thus was formed the Open Source movement and the Open Source Initiative.  Neither of these movements were trying to define the ultimate development methodology or to prescribe the method by which software was created.  I believe that there are good reasons not to follow this path.

The underlying concept of copyrights, which is at the heart of the FOSS movement, has been around since before the founding of the United States.  It is codified in our Constitution and in our laws and in international laws and treaties.  With the advent of computers and computer software, copyrights were extended to cover software.  The concept of the ownership of ideas and words, and the right to profit from that ownership, is a timeless principle that has held for many many years, and is one that is not likely to substantively change anytime soon.  The principles upon which the FOSS movement were founded are equally timeless in that they seek to overturn or limit the application of copyrights to software.

Contrast this with development methodologies like those described in Eric Raymond's book "The Cathedral and the Bazaar" which is a collection of essays describing what he views as the ultimate open source development methodology.  In his book, Eric lays out the case for the use of a widely distributed and very open development methodology as a way to improve the software development process.  He attempts to equate open source software with "the process of systematically harnessing open development and decentralized peer review to lower costs and improve software quality".  The problem with this, is that it is not a timeless principle.  Development methodologies change and evolve, in many cases rather dramatically, over time.  In just the last 10 years you have seen the demise of traditional waterfall methodologies and the rise of more agile approaches.  These changes occur as we better understand how to develop software ever more rapidly to better meet the needs of the consumers of that software.  While Eric lays out the case for the "Bazaar" being a more efficient development model than the "Cathedral" approach, he admits that it is an evolving concept which has, and will continue to change.  Just because those methodologies work well in today's programming environment and with current development tools, does not mean that it will always be the best approach for writing software, or that it is the best approach for every project and every project team.

The second point here, is that Eric describes a methodology that is neutral with regard to exactly what it looks like to harness "open development" and what does it mean to have "decentralized peer review".  How much of each of these does a project need to be considered "open source" under Eric's definition?  In his essay, "How many eyeballs tame complexity", which is included in his book, one of the key benefits from this model is derived from the ability of testers to see the code and therefore provide much more meaningful bug reports.  Now instead of describing erroneous behavior and the steps which caused it, testers can actually find the exact lines of code which cause the failure and provide this information to the developer for incorporation back into the code.  The only requirement to achieve this benefit is for the testers to have access to the source code.  It does not require daily access or nightly builds to receive the benefit.

Eric goes on to describe the problem with giving unfettered access or having communication channels that are too wide open.  The resulting chaos from such an approach actually increases the number of bugs introduced into the project.   This is essentially what is described as Brook's law or put more succinctly "too many cooks can spoil the stew".  To combat this effect, open source projects have adopted a core plus halo organization where you have a very small group of developers who work on the heart of the system and where most of the critical communication occurs, and then you have various halo groups who work on separable parallel sub-tasks.  Again, this approach does not require complete and open paths of communication.  In fact it argues against this.  Instead what is advocated is that there are open communication paths to the various halo groups who in turn have open communication paths with the core group.  This keeps the chaos in check but still allows essential bug-reports and code changes to make their way back to the core, without overburdening the team.

In the end, the very sources used to justify the "wide-open" definition of open source do not advocate nor require the kind of structure or openness that people claim is necessary to meet their new definitions of Open Source.  Even with that, I think there are still some additional points which argue against the re-definition of open source.

We currently code in an environment in which companies are increasingly using the courts or the threat of legal action to try and crush competition.  Companies are amassing large stockpiles of software patents to use as both offensive and defensive weapons against their competitors.  Companies like SCO are launching legal attacks, not against the developers or organizations behind open source software, but rather against the customers who use the software.  Even Microsoft has launched a FUD campaign against Open Source to get reciprocal licensing deals from various distributors of open source software.  These attacks do not come against the core project or the primary organization behind the project, but rather are focused on the project's customers.  The reason for this is simple: money.  In general open source projects and their organizations have none.  You could try to sue the project out of existence, but because of the distributed nature of Open Source projects, and the freedoms granted under the OS licenses, that would likely be a very costly and losing proposition.  However the customers and the distributors of open source software have a ton of money.  If you attack, or create uncertainty in the minds of the customers, then you can limit the spread of the Open Source software.

Since I am not a lawyer, I will not try to go into the legal aspects of this beyond saying that these attacks rely on the use of copyright and patent law to claim that the Open Source software is violating the other companies intellectual property.  This gets us back to the discussion of the wide-open model of development which some are now advocating as the true definition of Open Source.  Any model which allows for a virtually unlimited flow of code into the core project necessarily brings with it the risk that the code may be covered by other copyrights or patents.  As the number of contributors to a project increases, or as the size and complexity of contributions increase, the risk to the project and also its customers also increases.  Where did the code really come from?  Did someone google it?  Did someone copy it from CodeProject?  Maybe it was grabbed from some GPL'd project on SourceForge or even in the worst case it was copied from some project they have at work.  The Bazaar model of development says that it is all good...  let it all in.  It is more efficient and it will make the software more bug-free.

These risks are not unreal nor are they simple to completely guard against.  However, I think that in this day and age anyone who does not practice "safe open source" is asking for the source code equivalent of AIDS.  What do I mean by "safe open source"?  By that I mean that a project needs to put some boundaries in place that attempt to minimize the likelihood of infected code (that is code that is covered under an incompatible copyright or patent, or code which the contributor does not own) entering the project.  These protections should also help minimize the damage that can be done in the event that infected code is incorporated.

Just like with "safe sex", "safe open source" promotes the practice of identifying risky behavior and then seeks to either avoid that behavior or to minimize the risks that come with engaging in the risky behavior.  In open source, this means that project should identify what level of contributions they feel are safe to accept from strangers.  How many lines of code is it before someone crosses into that gray area?  Does that code use some sort of trick or hack that might be considered a trade secret or patented idea?  These are questions your project needs to figure out before blindly accepting a patch or bug fix.

At some point the code will reach a size and complexity at which it will likely be covered by copyright or patent law.  On the DotNetNuke project, we have discussed this issue with our attorney Mark Radcliffe who advised us that we needed to ensure that we had contributor agreements in place which ensured that we had the rights to use and modify the software as needed and that provided some protection against claims of copyright infringement.  Taking affirmative steps to ensure your are making a good faith effort to comply with copyright laws will go a long way towards mitigating any damage that may occur in the case where you find that some code has mistakenly been included in the project.  This level of contribution is not something that happens lightly.  We like to know who is contributing the software and have worked with them in some capacity for a period of time.  This essentially requires a certain level of trust on our part that backs up the legal agreements we put in place.  In some cases we can look at other indicators of trust such as the inclusion in some community organizations like AspInsiders, Microsoft MVP program, or even personal referrals from people on the team. 

Here is the final problem with the re-definitions of  Open Source:  they ignore the fact that every project, whether open source or proprietary, must find a development methodology and a management approach that works for both the project and the community.  Attempting to dictate some software practice for every project, whether it works for the project or not, is counter to the whole point of the Eric's essays which was to reduce cost and improve reliability.  I believe that a project needs to find out what works for them.  For some projects it will be OO and Agile methodologies in a Bazaar model.  Other projects will work better in a more closed model that uses less iterative methodologies.  Even a single project will go through different stages where one development approach works better for the project.  To arbitrarily define one development approach as being better or more pure than another is counter-productive.  Just like users should be free to use the code how they wish...  Developers should be free to develop code using a style that suits them and their project.  Projects should not be forced into a development style that doesn't work for them just because that style is de rigueur.

So how does all this apply to DotNetNuke?  I think that we clearly fall under the definition of both Free Software and Open Source software.  I also believe that we attempt to run the project consistent with open source ideals.  We have changed our development style a couple of times over the life of the project to match our experience as to what worked for us and our community and what didn't work for us.  Our development model is not written in stone.  If we find that a more open approach is warranted and this openness can be balanced against our desire not to overcomplicate our communication channels or introduce additional legal risks, then are certainly willing to make the changes.  You have seen some changes in the project recently:  You can now view our release tracker and see where each project is in the process of getting out a new release.  You can vote and comment on your favorite feature requests.  You can even enter bugs and suggested bug fixes in our bug tracker.  As always you can still discuss what you like and don't like about DotNetNuke in the DotNetNuke forums.  As we formalize our release management processes we will also likely open up patch submission. 

The DotNetNuke development practices allow users to see and modify the source code and to provide meaningful bug reports based on the users understanding of the code.  Our practices also allow us to leverage a large development community without also overwhelming our communication channels.  In the end, I think that the current DotNetNuke practices provide the major benefits of the Open Source philosophy while also recognizing the current legal environment and the practices that actually work for our management team.

After several years as a diehard Palm user I have finally shifted to the darkside with a new Blackberry 8800 from T-Mobile. I have had 6 different Palm devices over the years including 3 different Palm based phones. Unfortunately, Palm went from a company with innovative products that everyone was trying to copy, to a company struggling to keep up.So today I finally broke down and bought a Blackberry. It is going to take some getting used to, but it was time to try something new.Speaking of trying something new - I am posting this from my new phone using BlogMailr. One of the reasons I recently shifted my blog software was so that I could take advantage of these sorts of services. So far so good.Sent via BlackBerry from T-Mobile

Having worked with DotNetNuke for more than 4 years now, I have performed literally hundreds of installations.  While the installation process has gotten easier over the years as we have beefed up the installation routines, it is still not automatic. Even though I can install DNN in under a couple minutes, I often cut corners.  I usually just give the Asp.Net process account full control of the web application folder and use an sa account in the DB.  Neither of these are great practices, but setting up the correct permissions is a little more tedious and after you perform this task dozens of times you find that you soon start taking shortcuts.  The downside to these shortcuts is that I am not really testing out my site in a configuration that mirrors a typical production environment.  This can lead to subtle bugs that will be harder to track down later.

This is where PowerShell can really make a difference.  In my upcoming session at DotNetNuke OpenForce '07 I will be discussing how you can use PowerShell with DotNetNuke to perform a lot of management and administrative functions.  This post is the first in a series of that will show various ways we can use PowerShell to enhance and simplify our DotNetNuke experience.  These blog posts will cover many of the topics I plan to cover in my session.  I am not an expert in PowerShell yet, but my skills are quickly improving.  This series will follow my learning experience as I tackle various tasks for which PowerShell is well-suited.

The first set of posts will focus on simplifying the installation experience.  My goal is not to create "The Ultimate DotNetNuke Installer", but rather to show how you can use PowerShell to easily script a set of very repetitive tasks thereby ensuring consistency and making the overall process easier.  In some cases I may use hard-coded values and business rules, but hopefully it will not be too difficult for you to take my scripts and adapt them to your situation.  So let's begin.

The first step is to define the process we wish to automate.  We'll break our process down and develop the script over a couple of posts.

My installation process looks like this:

1. Unzip the DNN package to my website directory.
2. Set permissions for the "Network Service" Account
3. Create the Web Application in IIS
4. Create a blank database
5. Create a user account in the database
6. Run the DotNetNuke web-based installer

Step 1:  Unzipping Files

This step actually turned out to be much easier than I anticipated.  DotNetNuke uses SharpZipLib in the module installer for extracting files and folders from an embedded resources file.  Since PowerShell is right at home in .Net I thought that I would just end up re-purposing the original installer code I wrote for DotNetNuke.  Using SharpZipLib is a relatively low-level abstraction for handling zip-files.  You have complete control, but it also means that there is a lot of work needed to extract the files while maintaining the folder structure.  In DotNetNuke we use approximately 50 lines of code to unzip a file.

Thinking that there might be an easier way in PowerShell, I did what all good programmers do - I Googled it to see if someone else had already solved my problem. Bingo.  David Aiken had my answer.   The answer turned out to be very simple, and it highlighted one of the great aspects of PowerShell.  Even though PowerShell is based on .Net and has no problem working in the .Net world;  it is equally at home working with COM and WMI.  A little more research showed that the "shell.application" COM object was commonly used in VBScripts and WSH for unzipping files.

function Extract-Zip
{
    param(
        [string] $zipfilename = $(throw "Please enter a zipfilename"),
        [string] $destination = $(throw "Please enter a destination directory"),
        [switch] $showdialogs
    )

    if(test-path($zipfilename))
    {    
        "Unzipping $zipfilename ..."

        $shellApplication = new-object -com shell.application
        $zipPackage = $shellApplication.NameSpace($zipfilename)
        $destinationFolder = $shellApplication.NameSpace($destination)
        # NOTE: This scripts uses the PowerShell Community Extensions for the ternary operator

        $vOptions = (?: {$showdialogs} {0} {20})

        # CopyHere vOptions Flag
        #  4 - Do not display a progress dialog box.
        # 16 - Respond with "Yes to All" for any dialog box that is displayed.

        $destinationFolder.CopyHere($zipPackage.Items(), $vOptions)
        
        "Completed unzipping file..."
    }
}

I have made a few changes from David's original script to enforce the parameters and to suppress the dialogs that popup when extracting the files.  This is a good example of how to make required parameters and how to use switches to power up your scripts.  We'll add this with some ACL magic in our next post.