I'm no longer blogging on this blog. Please find me here.
I've been busy lately and most of my friends in town think I'm a knucklehead. This is mostly because I'm carrying a crazy schedule. A small sample:
- I'm doing some F# stuff, both for public consumption and otherwise.
- I'm co-organizing WBUG, the Wisconsin BizTalk Users group with Nevin Goldstein of Fountainhead Consulting.
- I'm working on a piece of software for IronWake that we hope will become our flagship product (finally; more on this later; links to follow).
- I'm doing a bunch of behind the scenes hosting of a few different community efforts and other initiatives.
- I'm working on a research project that I believe will have an impact on the way search and browsing is done on the web (hopefully, I'll join Scott and make the web suck less).
But this post is about something else, too. I'm moving jjbresearch.org and a few other sites to a new hosting provider. I've been with Oochie for almost one year. They have been good to me and I highly recommend them. But I need bandwidth for these upcoming projects and given my needs, I can buy massive amounts from godaddy.com, m6.net and others. If you are looking for a good hosting provider, especially one that is responsive and trustworthy, I recommend Oochie. Scott has treated me well.
So now that I have said all of that, this blog is getting yanked down within the next 30 days. I'll be opening a new blog on the new jjbresearch.org (running CS2.0). My intention is to start from scratch, i.e. not include all of my old posts (no upgrade, clean install). I've spread a lot of propaganda in one short year. I hope to do more on the new site. I hope to do a redirect, but no guarantees. This old blog and its contents will be archived and go bye-bye.
Oh yeah and by the way, the labrary is not moving. Referred to as "The Cell" (and you know who you are), that room will likely notice no changes and nothing never.
I have heard throught the grapevine that the new ECMA CIL "standard" is about to be released. I use the word standard because I'm not sure of the right terminology.
I was able to get my hands on a copy of a few pages of the document through a friend of mine and it turns out that CIL will now support dynamic typing. My source has asked that I not reveal details, but I am allowed to say this: the Variant datatype is back and it is here to stay.
Evidently, there are a few difficulties to implement this in CIL, but the engineers involved had a breakthrough. I'm not privy to all of the details (I only have a few pages), but there was some feature that was discovered in generics that allowed for safe void pointers. My friend stated "We do dynamic loading; why not dynamic typing?"
I haven't been able to confirm this as of yet, but the feature appears to be so important, that the recent PR on the rescheduling of Vista was faked so that this feature could be included in the new operating system.
I just found out that Euclid's Fourteenth Book has been dicovered. I am so gled that the folks who authentiated this item spent well over a year to determine that it is genuine and chose today to announce the discovery. That is was found in Ireland puzzles me, but I guess that Euclid made the rounds by see in those days.
---
If you can't get the message out of this one, you are hopeless. ((and if you are supposed to be good at this sort of thing, consider this a taunt))
It must be something in the water. I have been evangelizing F# for some time and have had numerous invitations to speak around Milwaukee, WI and elsewhere in this region. Everyone that I speak to about F# "gets it". I have been having a lot of fun.
The good folks in the .NET Users Group in Rockford, IL (NETRUG; note that they are working on updating the web site; even though I'm not listed, I DID speak) were kind enough to invite me to speak at their March User's Group Meeting.
We had a fantastic meeting. The meeting took place on March 29th, 2006 and was located at a local business and we had the use of one of their conference rooms. Gerry and I arrived in Rockford, IL (from Milwaukee, WI) after an easy, 90 minute drive. About 10-12 people showed up. This post is a little late because I had written it and forgot to publish it (and a Rockford Users Group member emailed me to remind me; dude, where's our post?).
The part I like best about these meetings is hearing the issues of the local groups and how they manage those issues. In Appleton, WI, the toughest issue was trying to determine what topics to discuss in presentations in future meetings. Here the issue was organization and leadership. Leanne Fetter has done a great job getting this group together and they have a lot of great ideas. The group is working to solidify their leadership and roles so that the responsibilities are not placed on only one or two people. Many groups have these issues and it was great to hear open discussion in this group. Of course many other topics were discussed as well, but that the group was focused on leadership means that they are thinking about their durability and effectiveness as an organization.
After conversations on local group issues, I gave my F# presentation. Coming in to a new city, I usually don't know what to expect. The topic is not an easy topic, i.e. F# forces you to think in a number of different ways. I still find myself "context-switching" between C# and F# and "thinking in F#" only after a bit of effort. But the members of NETRUG picked up F# very quickly. As I walked through the presentation, there were a number of good questions and we covered a lot of depth. I try to engage each audience (in different cities) and hope that they respond. This audience responded. Given that the group size was 10-12, I could interact, on an almost individual basis, with each person. This provided for great tempo as well. This audience provided me with useful questions and commentary afterwards as well.
The Rockford .NET Users Group has solid membership and is growing. The group, like many others, is always looking for new members, speakers and leaders. If you are in the area, visit their site, attend the meetings or get involved.
I just arrived home from the FVNUG (Fox Valley .NET Users Group) meeting. I presented on F# (as usual). For a young group, i.e. this was only their second meeting, I thought they were well organized. I'm looking forward to visiting with them in the future, hopefully as a speaker, but definitely as an audience member. The meeting was more formal than those hosted by the WI .NET Users Group. One part that I really enjoyed was the "roundtable discussion". After I completed my presentation, I returned to my seat in the audience and the Chapter President, Chuck Goehler, opened the floor to questions about all things .NET. Any question was fair game and the idea was to get the group to talk about experiences in software development and in particular with applications in .NET. Because the group is new, a lot of topics were raised and those topics became future speaker topic items of interest.
I want to thank the group for their time. I also personally want to thank a few of the new officers of FVNUG:
- Chuck Goehler - President
- Christy Giblin - Director of Membership
- David Palfery - Director of Events
There were others to thank as well, but Chuck, Christy and David have started building a first-rate users group. If you are in the Fox Valley area, the group is looking for members and for leaders. I do know that they have a nine person board, for which only five positions have been filled. Visit FVNUG's web site if you are interested in either participating in these events, or are interested in becoming a board member. I can see this group growing quickly, so now is a good time to get in and make an impact.
Don't forget - Deeper in Dot Net is coming April 22, 2006. Space is limited, so register early . . .
Just a reminder that I'll be speaking at the the Fox Valley .NET Users Group tonight. I mentioned the details earlier here.
I'm leaving in an hour or so . . .
I'm speaking again on F#. On Wednesday, March 22nd, 2006 at 6:00pm, I'll be giving my F# presentation to the Fox Valley .NET Users Group. Please note that the venue is Fox Valley Technical College Room F108. The Fox Valley .NET Users Group is a new organization. This is their second meeting and I'm really glad that they have invited me to give this presentation.
I first gave this presentation on Feb 21, 2006 to the WI .NET Users Group. I have since polished it up a bit, after feedback from a number of people.
If you are in the area, stop in for the presentation and the roundtable discussion that follows as well.
Don't forget - Deeper in Dot Net is coming April 22, 2006. Space is limited, so register early . . .
I've been taking the time to improve my competence in a few key technologies. F# is one of those technologies. But I believe that the WinFX suite from Microsoft will provide considerable advantage in the future. To that extent, any resources that I can leverage in books, websites, etc. are really useful.
Joseph Cooney's newest site, LearnWPF.com (I previously linked it here) is really giving me a good dosage of WPF. In particular, his Can I create Aero Glass"-style windows under Windows XP in WPF? (with link to Unni's blog) and How do I create WPF graphics using the Expression Graphic Designer? saved me a few hours on issues that many early release products face: capability. Sometimes, just not knowing what a product can or cannot do in its early stages is important and the simple positioning of usage may not be apparent in CTP documentation.
Joseph's LearnWPF.com is a time saver for those, like me that are learning WPF. Anybody that saves time for me is worth a look . . .
There has been a lot of recent chatter regarding security and Mac OS X. Ed Moyle of Security Curve has an opinion that I've been following that I feel is on point. I live in Wisconsin, so when I saw this, I was naturally embarrassed. To be fair, the rm-my-mac competition was referenced and that contains a considerable amount of bias as well.
Let's lay the groundwork for the sensationalized headline that Mr. Moyle references. New Apple Hacking Contest Proves OS X Is "Very Secure" is the article written by Axxel (ok, he has a good moniker, so I like him for that) that PROVES in 11 paragraphs that Mac OS X is "very secure".
I've said time and again on this site, the scientific method should be applied to all studies. Let's see if we can't use Axxel's short essay to cover what we believe to be the state of affairs for an experiment:
- Hypothesis: The Apple Mac OS X operating system is secure. Dave Schroeder, a senior systems engineer at the University of Wisconsin, launched his contest Monday.
- Experiment Statement: For his challenge, Schroeder connected a PowerPC Mac mini to the Internet. The machine ran Mac OS X 10.4.5 with the latest security updates. The Mac had two local accounts, and Schroeder left both SHH and HTTP open.
- Experiment Tests: The mini garnered attention and lots of traffic, said Schroeder, who logged 4,000 attempts. The machine weathered two DoS attacks, various Web exploit scripts, SSH dictionary attacks, and untold probes by scanning tools, he added.
- Analysis: There were no successful access attempts of any kind during the 38 hour duration of the test.
- Conclusion: OS X Is "Very Secure"
Since I'm quoting from the article for each of these areas, I'll try to provide a bit of a backgrounder. Apple's Mac OS X operating system may indeed be "very secure". But one does not boast for a status of "very secure" after one 38 hour test. There are a number of statistics concepts that can be applied here. I'll name none of them and instead mention a few qualitative ideas. 1) Does everyone in the world with "hacking" experience on Mac OS X that could "break OS X" speak English so that they could be made aware of this "test"?, 2) Is everyone who has the hacking skills for this "test" aware of the test? 3) If I'm a hacker, do I want to play on a public honeypot? 4) If I'm a hacker and do have a 0day exploit, is this the place to make that known? 5) Was every hacker that was capable of penetration for this test at their keyboard ready for this challenge with no other day job, no other commitments, not on vacation, etc.? 6) If I'm the hacker with knowledge of a vulnerability, are there ways to capitalize (think criminals and money) on my work in a more fulfilling way?
Good thing that there is no bias in this test. Data must support the conclusion. Could someone please step up and tell me how many exploit attempts per day occur on the internet? Is 4000 attempts over 38 hours a reasonable sample? Are each of the 4000 attempts independent observations?
I wonder how the crypto community would feel if a new cipher were introduced and certified as "very secure" on some web site after 38 hours of open competition (i.e. all of the best cryptographers in the world weren't directly invited to participate; assuming that they would want to particpate) to determine its strength.
Did everyone believe that Fermat's Last Theorem was "true" and just accepted it as true because no one had found a counter-example?
The work to move from the above analysis to conclusion is essentially "no counter-example was found". The conclusion is dangerous given the data. The pragmatic or practical perspective I'd state is:
- If it is in the wild, it is fair game. In other words, tests like this prove nothing. At the end of the day, vulnerabilities exist. To find them may be difficult, but to declare a platform "very secure" under the above conditions is irresponsible.
It is difficult to separate the zealots and the hype in these stories. Look past those distractions to sensible practices and common sense. Security Curve Weblog and other links on my blogroll are a good place to start for some day-to-day reading on security topics.
By the way, Mr. Moyle and Diana Kelley have a recent book, Cryptographic Libraries for Developers, that looks like a good piece of work. Given their opinions, this book is one of my must-reads and I'll be ordering it shortly.
Tonight, Dave Bost will be speaking on VSTS and features in Unit Testing and Code Analysis at the WI .NET Users Group meeting. As usual, this is the second Tuesday of the month meeting, scheduled at 7:00-9:00pm. The usual free pizza and soda will be served.
I'll be there . . .
It is that time of the year again. Ok, for me, this is a first time event, but it has taken place in the past. The WI .NET Users Group's Deeper in .NET 2006 is in it's fourth year and this year seems to be bigger and better than ever.
This FREE event takes place at the Milwaukee Hyatt Regency Hotel on April 22nd, 2006. It starts at 7:00am on Saturday morning (dude, are you kidding? like I won't be out that Friday night before or anything?) and runs all day. At the end of the event, around 5:45pm, there will be lots and lots of prizes given away (I know for certain that the number is approaching $20,000 in total prizes; you must be present to receive prizes).
As a member of the Executive Committee for the WI .NET Users Group, I'm really excited to see the progress in the development of this year's event. WI .NET Users Group president Scott Isaacs (the one on the left) talks about the event further in Deeper in .NET 2006!.
Our speaker list is first-rate:
Read more here. Don't forget to register (required for attendance). Oh yeah, it's party time in the Brew City. See you there.
So its a good night in teh Labrary. I've been getting some F# stuff done. I've been spending time doing a few things on a number of technologies and F# has been at the center of many of those activities.
Anyways, C++ and Compact Framework Guru Travis Feirtag (founder of Feirtech, Inc.) has been busy as well. He's a total maniac with the Compact Framework. I've seen him do some very cool things. Between him and the lower cased one<