Wednesday, February 26, 2003
Saturday, February 22, 2003
Community Starter Kit -- what are they thinking?
ASP.NET has released the Community Starter Kit SDK as a reference/base implementation for making community sites in ASP.NET. Mary Jo Foley writes that this heralds Microsoft's entry into blog-tool space. I downloaded and installed the kit. It is smooth and functional. You can do a lot of cool stuff with it. But, without writing the whole module on your own, you know what you can't do? Generate an RSS feed. Huh? Either this isn't Microsoft's entry into blog tool space, or Mary Jo Foley doesn't think RSS is an integral part of blog-culture, or Microsoft is trying to do the old bait-n-switch. See, you CAN expose the content via a custom web service architecture. Just boggles the mind. In fact, my colleague Niels asked about this feature lack and was told how simple it would be to write it himself. So, why isn't it included? It seems so arbitrary.
posted @ 12:49 PM CST [Karma: 1] [2 Comments]
Friday, February 21, 2003
The old construction analogy
Pinku Surana recently posted a rant about agile process in the face of what he views as the overwhelming preponderance of "idiot" programmers. I actually think that Pinku is right, up to a point. The vast majority of the programmers in IT departments around the country are operating without even a modicum of understanding of CS theory. They have some tools they know how to use, some patterns they can employ, and only a passing interest in the actual application of their trade. There is a smaller set of passionate, knowledgeable and driven programmers who grok more than a single problem domain, and see tools as implements to help solve problems, not the solutions themselves.

This is EXACTLY what exists in most other trades, and I'll use the construction analogy because they have language for it already. The difference that Pinku sees is the difference between *skilled* and *unskilled* labor. Check out a construction crew sometime. There are two or three "craftsmen", carpenters and masons who really deeply *get* the ideas behind building things. They have all the grand ideas, they lay out the plans, they oversee the work, they get their hands dirty ONLY BECAUSE THEY REALLY ENJOY IT, not because they have to. They don't have to, because there are a lot of less-well-paid, untrained folks doing all the lifting, hammering, drilling, etc., all according to a plan.

Unit tests are the instruments that help ensure the steps are going well. An untrained mason lays another layer of bricks, then sticks a level on top to make sure the wall isn't tilting. That's a unit test. We don't expect the untrained mason to be able to build his own level, just to use it often to ensure that things are proceeding smoothly. Pair programming is the time the craftsman spends standing behind the guy doing the framing, making sure that everything looks good, giving prompt feedback. Rapid feedback loops are what happens when the architect, carpenter and mason are all on the site, listening to the griping that the rest of the team is doing to figure out where things might be going wrong.

We need to acknowledge that software has a very similar pattern of labor: there are only so many people who really love it and deeply understand, and there are a vast many more who only do it because it's a job (think Office Space). If we can grasp that dichotomy, and embrace it, perhaps we won't need to scrap all the IT departments. We need to find ways to harness the untrained energy, and let the people with the passion do the thought work, and provide the tools for gauging quality. The unskilled laborers won't much like it to start with, but once the stress of trying to hide the fact that they aren't Don Box is lifted, I bet they like their jobs a lot more.
posted @ 10:33 AM CST [Karma: 3] [1 Comment]
Thursday, February 20, 2003
The Mac -- what's it for?
Another subplot in my ongoing search for a new laptop is that I still have one...the question is, does my wife get it while I get a hot new model, or do I keep the old clunker and buy her something? While we were discussing it, I made a suggestion:

Me: Hey, honey, we could get you an iBook.
Her: Why? I don't do graphics.
Me: Well, because it is supposed to be easier for novice users.
Her: But I have you around.
Me: Well, it's *hip*.
Her: Only computer geeks think computers are *hip*.

So, what do we learn from this?

A) Non-techies still hold to the notion that Macs are for artists
B) UI inscrutability only matters if the person doesn't have a technologist in the family
C) My wife thinks I'm a nerd.
posted @ 11:05 PM CST [Karma: 2] [No Comments]
Dell's Offer Ends Today
I'm in the market for a new laptop. My four-year-old Dell Inspiron 5000 gave up on itself, finally failing to recognize even the possible existence of my hard-drive, like some kind of fixed-media-atheist. I have been looking at IBM and Dell and, even, Compaq. I discovered something fun with the marketing math on Dell's site. When I started my search, I configured myself a nice Inspiron 8200 with the appropriate bells and whistles. It was laden down with special deals that END TODAY!!! ACT NOW!!!! Those deals were: a free upgrade from 30GB to 40GB on the mythical hard drive, a free upgrade to the UXGA from the SXGA+, and $100 off the price. So, fully configured, my system came in at, roughly, $1800. However, I am notorious for my inability to pull the trigger on big ticket items, and waffled away my LAST CHANCE for these special offers. Next day, I log back onto the site, and notice that, yes indeed, all those offers are gone. I go back in to configure an identical system; no more free upgrades, no more instant cash back. But, with the new deal (free shipping + $250 mail in rebate) my system came out to cost: $1810. But I have to HURRY!!! ONLY FOUR DAYS LEFT!!! If I try to negotiate, do you think somebody will have to go in the backroom and talk to the manager?
posted @ 10:46 PM CST [Karma: 5] [2 Comments]
Sunday, February 16, 2003
AppUpdater is Cool, but the solution has a problem
I love the AppUpdater component (and architecture) that Microsoft is distributing with the TaskVision sample app. I've been looking for a good way to replace an old VB6 fat-client app without resorting to an ASP.NET application. I flirted briefly with web-launched winforms, but I find the AppUpdater architecture much more appealing.

If you haven't seen the docs yet, essentially AppUpdater allows you to configure a URL endpoint for your application to check for updates on a regular basis. That endpoint can be a directory-browsing enabled vdir (navigated using DAV), an XML config file, or a custom web service. The model solves the "how do I update a running application" problem by providing a helper exe called AppStart, which is what users actually invoke. It loads up the configured app in a new appdomain, then retreats to the background on its own thread to check for updates. When updates are available, the new files are downloaded and AppStart then asks the user if they would like to switch to the new version; if they choose to, AppStart kills the appdomain with the actual application in it, and restarts it using the new version.

This is all well and good: the configuration settings are very flexible, the UI is pluggable, and they have thought through the security issues (providing a mechanism for strongly-naming an assembly that contains the keys for all the other assemblies you might use, whether your own or third party). There is only one major, glaring flaw, and it has to do with the docs and the sample app they ship you to play with. Here is step 3 of the "Build and Deploy" step of the docs:

"3. Copy the Samples\SampleApp\SampleApp_ClientSetup directory from the zip onto your local machine. It doesn't matter where you copy it, however the program files directory is the most realistic place to put it since that is where most applications get installed. You'll notice that SampleApp_ClientSetup directory already has AppStart.exe included. AppStart.config is already set to point into the 1.0.0.0 directory and run SampleApp.exe."

Well, go ahead and try it. If you are running as Administrator on your box, everything works well. AppStart downloads the updates in the background, switches out your appdomain, etc. However, try running the client NOT as Admin -- you can already see the problem. On Windows boxes, non-admin users don't have permission to write files to the Program Files directory. That directory doesn't belong to the programs, it belongs to the Admin of the box. The AppUpdater component will try to download the updates and barf out a Security Exception.

This is all obvious stuff: programs shouldn't use their Program Files directory as storage space for dynamic configuration information or semi-permanent data housing. But it is insidious that the sample application shipped with the component fails to take this simple fact into account, and actually suggests that deploying the application that way is not only common (it is) but *appropriate* (it certainly isn't). I just wish that more people would take my buddy Keith's advice and try developing as a regular user. Sure would open some eyes.
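
One way to keep downloaded versions out of Program Files, as an added example that is not part of the original post and is not AppUpdater's or AppStart's own code: probe whether a directory is really writable for the current user, and stage updates under the per-user profile. The class name `UpdateLocation` and the vendor and application names are hypothetical.

```csharp
using System;
using System.IO;

// Added example. UpdateLocation, "ExampleCorp" and "SampleApp" are
// hypothetical names, not part of AppUpdater or AppStart.
static class UpdateLocation
{
    // True only if the current user can actually create a file in 'dir'.
    // Creating a probe file tests the effective permissions directly.
    public static bool CanWrite(string dir)
    {
        try
        {
            Directory.CreateDirectory(dir); // no-op if it already exists
            string probe = Path.Combine(dir, Path.GetRandomFileName());
            using (new FileStream(probe, FileMode.CreateNew, FileAccess.Write,
                                  FileShare.None, 1, FileOptions.DeleteOnClose)) { }
            return true;
        }
        catch (UnauthorizedAccessException) { return false; } // the non-admin case
        catch (IOException) { return false; }
    }

    // Pick the staging directory for downloaded versions. The install
    // directory is treated as read-only; updates go under the user's
    // local application data instead.
    public static string Resolve(string vendor, string app)
    {
        string perUser = Path.Combine(
            Environment.GetFolderPath(Environment.SpecialFolder.LocalApplicationData),
            vendor, app, "Updates");
        if (!CanWrite(perUser))
            throw new InvalidOperationException(
                "No writable update directory: " + perUser);
        return perUser;
    }

    static void Main()
    {
        // Under Program Files this prints False for a regular user.
        string installDir = AppDomain.CurrentDomain.BaseDirectory;
        Console.WriteLine("Install dir writable: " + CanWrite(installDir));
        Console.WriteLine("Staging updates in:   "
                          + Resolve("ExampleCorp", "SampleApp"));
    }
}
```

A per-user staging directory is writable by anything running as that user, so the key-based validation of downloaded assemblies mentioned above still has to run before a new version is loaded.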
posted @ 05:39 PM CST [Karma: 3] [2 Comments]
Friday, February 7, 2003
Longhorn, Microsoft, Windows Users and The Problem
This article about Longhorn illustrates precisely the problem I have with the whole Windows/MS/we-the-people triangle of doom. The article is mostly about UI tweaks to the OS, specifically the ability to have multiple virtual desktops as well as a "Sidebar". The Sidebar is essentially the Gnome widget bar or KDE Taskbar -- just what Windows Taskbar should have been all along. But the statement about the multiple-virtual-desktops thing is really intriguing.

Quote: One of Sidebar's optional elements, or "tiles," lets you switch between multiple virtual desktops--a standard feature of the graphical interfaces that ship with Linux, but hitherto available for Windows only in a few third-party graphics drivers and utilities.

This statement makes me cringe in all kinds of ways. First of all, only in the world of Windows are utilities blithely dismissed because they are "third party". The "third party" in Linux world is you and me. The "third party" in Windows world is apparently some untrustworthy band of purse-snatchers from Outer Mongolia who shouldn't be trusted with something as vital as your multiple virtual desktops. Secondly, is this what Windows 2004 is all about? GUI tweaks? I don't think so. But.... Go back and read the first paragraph. The new filesystem for Windows 2004 IS pretty interesting. However, it hasn't been implemented yet in the alpha release. But those UI tweaks have! Woohoo! Break out the champagne for the new alpha launch, boys and girls. We haven't implemented anything useful yet, but the fireworks sure look pretty! Why even have an alpha release if you haven't managed to roll in all the good bits? Because MS knows that 95% of the people who will upgrade to Windows 2004 will do so because it looks good, not because it works well. I know it wasn't written by Microsoft, but this article goes a long way towards summing up that skin-crawling sensation I get every two/three years that lets me know a new Windows is coming out.
posted @ 05:53 AM CST [Karma: 1] [1 Comment]
Saturday, February 1, 2003
My name is Justin, and I'm a skeptic
CNN is reporting that computer security experts are railing against Microsoft for allowing the Slammer worm to decimate the internet last week. Particularly galling to them is Microsoft's insistence that if users had just installed the patch six months ago, none of this would have happened. This is so upsetting because Microsoft itself failed to install the patch and was compromised. While I agree in general that Microsoft has a lot of problems and much ground to cover in this area, I strongly disagree with two statements made by the security experts.

The first is that, after a year, we can pronounce the Trustworthy Computing initiative a failure. A year ago, Bill Gates announced to his company and the world that security would become a top priority for Microsoft's developers. While a year is a lifetime in "internet time", it is barely a heartbeat in the lifecycle of a Microsoft product. That the Slammer worm affected a product that predates the Trustworthy Computing initiative is not proof that the initiative has failed, it is proof that the initiative is *necessary*.

Secondly, the article finishes thusly:

"In the meantime, Schneier said he was thinking of switching from Windows to the Macintosh platform because of all the security issues. 'My wife has a Mac and she doesn't worry about viruses, trojans, leaks...,' he said. A Consumer Reports survey last year found that virus infection rates on Macs are half what they are on Windows, noted Smith. 'Is that because Macs are safer? I think the answer is yeah.'"

Well, my father runs Windows 98, and HE doesn't worry about viruses, trojans, leaks....because he doesn't know any better. That doesn't make Windows 98 safe, it makes him blissfully unaware of the dangers he faces. And just because infection rates on Macs are "half" what they are on Windows doesn't mean Macs are safer -- it means fewer thirteen year olds are interested in them. I recognize and acknowledge that market share is a dubious way to measure how "secure" a platform should be. Mac's 3-5% marketshare compares favorably to its infection rates. Mac CLASSIC, that is. MacOS X is, of course, Unix-based, and suffers almost identical infection rates to the other Unices, which is to say higher than Mac Classic. But if the Mac's rate of infection is now half that of Windows, as CNN reports Consumer Reports reports, then the Mac really doesn't have that much to be proud of. Half of WAY TOO MUCH is still TOO MUCH.

Microsoft, Apple, Sun, Linus, everybody has to concentrate more on security. But everybody out in the field has to be on top of it as well. Sure, the Slammer worm represents a vulnerability in SQL Server as delivered unto the masses by Microsoft. However, it only affects SQL Server boxes that are *directly accessible via the internet*. Which means that if you have an even remotely reasonable firewall in place, with a standard DMZ configuration, you should have been safe. Databases shouldn't be exposed on public networks. Period.

And until the professional computer users take as much interest in security as we are demanding of the vendors, I can't see this problem dissipating. When companies buy locks from Schlage to put on the front door, they don't lock the bolt and forget about it. They hire a security guard to sit behind the door and watch. Apparently, in IT, they don't even bother to buy the lock. Putting SQL Server on an open network is the same as taking the front door off the hinges and leaving the file cabinet in the lobby.
posted @ 06:35 AM CST [Karma: 3] [1 Comment]