Rants, rambles, news and notes from another geek

PDC - How to Find Me

If any of my 9 readers are at the PDC and would like to find me, you can reach me on MSN IM using “peter at provost dot org”. Feel free to pop me a message and we can meet somewhere. With 7000 people here it will be hard enough to find people you know… even if you don’t really know them.

If you see me walking the halls, grab me and chat. Here is a pic:

PDC - PreCon Session - .NET the Smart Client Perspective (Part 2)

Took a little break while Chris and Rocky played with the Anchor property. I’m hoping they’ll cover something not in WinForms For Dummies at some point. At least they are funny.

Anyway, while not paying attention, I tried to catch up on the 700+ items in SharpReader. Adam Cartwright is stuck in DIA. He speculates that the nice fires that I saw last night have actually caused them to issue a ground stop at LAX.

I wonder who else is sitting in here blogging instead of paying attention to WinForms 101?

PDC - PreCon Session - .NET the Smart Client Perspective (Part 1)

Couldn’t sleep this morning. With the change in daylight savings time, and me travelling one hour back, my brain thought it was 8:30AM when it was only 6:30AM. No biggie, I was able to connect to both my work and home email accounts and make sure I was all caught up.

After a quick breakfast, I headed down to the lobby to catch the PDC shuttle. Guess what? I just missed it. 15 minute wait…

Big ol’ buss shows up and I get on with a few others who (I think) were speaking Portugese. Not 100% sure, but I don’t think it was Spanish. The bus dropped us off and in I went. Checkin took about 5 minutes. They gave me tons of crap… a backpack full of crap in fact. (I haven’t really looked at it yet. More on that later tonight.)

Walked about├é a mile inside the LA Convention Center before I found the room for Chris Sells’ PreCon session .NET - The Smart Client Perspective. On the way there, I was surprised to see hundreds of tables with ethernet cables on them (and switches under them). Very cool. I also saw a bunch of 8 foot tall towers with 802.11b WAPs on them. Again cool.

Got settled in the PreCon room and spent 5 minutes or so getting my machine up on the wireless network. (I had it disabled because of a BSOD that happens at my office.) Right about then Chris and Rocky got started.

Chris is an excellent speaker and Rocky plays a good straight guy to Chris’ funny guy. They made tons of jokes about VB (Rocky is a VB guy and Chris is a C++/C# guy). They started out with a quick introduction to WinForms. They created a WinForm by hand (as opposed to using the Wizard). Then they explained the “scary block of code” (the InitializeComponent method that allows the VS.NET designer to work). Showed events, delegates, etc, etc, blah, blah, blah. I learned some interesting VB-specific details that I was generally aware of, but didn’t really knowΓǪ specifically using the Handles keyword to hook an event handler up to an event. Interesting, but I would have to say I’m not a big fan. I like to have all of my event hookup code in one place so it is easy for me to find. When you use Handles, you have to scan your code looking for event handlers (unless you are a point-and-click person, in which case there is probably some IDE feature to help you here).

Surprisingly, Chris actually said, “I like that stuff,” in regards to the Handles keyword. It is one of those things, like so many things in VB, that seem like such a nice idea at first, but I really think that it will lead to a nightmarish mess in projects of any decent size. My two centsΓǪ

That’s enough for one post. More in a bit.

PDC - Getting There

Well, I’m finally here in LA…

I left Denver in the 8PM flight to LA. No big surprises there. Threw the Matrix in the DVD player, popped on my Bose noise-cancelling headphones and settled in for a flick. Laptop battery didn’t die on me and I got about 2/3 of the way through before they made me shutdown.

As we were approaching LA, we were treated to an amazing view of the fires burning just outside the city. I wish I carried a camera phone so I could’ve taken a pic. It was a long line of flame that started right under the plane and extended out as far as I could see. I have no idea how much farther it went in the other direction. I was really surprised how close it was to the city. There were highways and streets right next to the fire. Very cool to see, but sad for the people affected.

I decided to save a couple of bucks and took a Super Shuttle into my hotel. At the curb I told the lady, “Park Hyatt”. She told me to get on the downtown shuttle, which arrived within 5 minutes. (Those of you who know LA are probably giggling already.)

After two dropoffs downtown, the driver runs through the list of hotels he is going to hit next. “And the Park Hyatt..?” I ask.

“WHAT?” responds the driver.

It turns out that the Park Hyatt is on the west side and NOT downtown. So my driver had to drive me all the way out to my hotel after dropping off everyone else. About 45 minutes later than expected, I finally arrived at my hotel. (Along the way I met a bunch of other PDC’ers… one of them figured out that his hotel was the Holiday Inn Downtown Long Beach, not the Holiday Inn Downtown LA. Oops.)

There is a wedding or something going on in the hotel as I stagger up to the registration desk. As the clerk is looking up my room, I tell him my whole story. It isn’t really that big a deal, I know, but either he took it to heart or I got lucky.

“We upgraded your room for free,” he says.

And boy did they! I’ve got a big bedroom, a living room, 2 TVs, highspeed internet. The works!

Too bad it looks like I’ll spend 12 hours a day at the convention center. :)

Tomorrow I’ll be attending Chris Sells’ pre-con session .NET - The Smart Client Perspective. I’m really looking forward to this session. Chris is a good speaker and I have a lot of respect for what he has to say. Not to mention, this is technology that I can actually use NOW, unlike Whidbey, Yukon, Indigo, Avalon, etc.

Hopefully I’ll post from the session tomorrow morning. I’m going to run downstairs and pound a beer before bed.

Wireless at the PDC?

I read somewhere that there will be wi-fi access from the PDC this year. Can anyone cofirm or deny this? Will it be free?

It sure would make blogging easier. :)

Linux Is Favorite Hacker Target

(I can’t believe this article didn’t get bounced around more last month. I just found it today.)

In a study released by mi2g in September, they found that during August 2003:

  • 12,892 Linux servers were successfully breached (67%)
  • 4,626 Windows servers were successfully breached (23.2%)
  • 360 BSD servers were successfully breached (<2%)

I suppose some will claim that this count is skewed because “most servers on the net are running Linux” but I don’t believe that. Especially when those same people say that Windows is a threat because _it is installed on _so many systems.

I’m gonna download BSD this weekend. :)

The Myth of SSL Security

I was having a discussion with a colleague the other day, and they made ite very clear that we had to have SSL on this portal server that we were about to roll out.

“Why?” I asked.

“Because it needs to be secure,” he replied.

At that point my mouth started flapping on about why I think SSL is a bunch of crap. Needless to say, I got ignored. (It turns out that the real answer wasn’t that it needed to be secure, but that the clients who will be using it need the illusion that it is secure.)

And then this morning I find this article mentioned on BoingBoing.net. In it Ian Grigg reviews the documented threat model of SSL as described in SSL & TLS by Eric Rescorla. The original threat model for SSL was that the end points (the server and client machines) are secure but the circuit between them is insecure. Ian asserts that this is backwards, the boxes are insecure and the circuit is fine.

I agree.

I won’t go into a lot of detail here as Ian has done a wonderful job himself, but everyone who recommends technology to other people should read this.

Don’t assume that because you have a little padlock on your browser’s status bar that you are safe. Understand what is really going on.

UPDATE 2004-05-01: It is interesting how time changes your view of things. While I still think that the person I was talking to was high, I don’t blame it on SSL anymore. The problem is really one of understanding what it takes to analyze a system for vulnerabilities, mitigate the risks, etc. SSL is a technology… a tool for mitigating risks. If you haven’t identified your risks before applying security technology, then you are just practicing another form of premature optimization.


I’ve been dabbling with a rewrite of my scooter site: Zundapp Bella Information Center. The site was written at least 5 years ago using ASP, JScript and a mixed bag of Access databases and SQL Server. The problem is, I’ve got lots of features I want to rewrite using .NET but I just have too many other projects going on right now.

On Friday, a coworker showed me his new family site built on DotNetNuke. DNN is a portal framework built on the IBuySpy Portal Solution Kit. It has tons of features, an API for producing your own modules, and best of all, it is free. (You can download the most recent build from the DNN Workspace at GotDotNet.)

In less than an hour I had it up and running. An hour later and I had my navigation structures done and about half the content moved over. At that point I stopped to reoganize what I had done, but I was very impressed with how easy it was to use. The biggest dissappointment is that the code is all in VB.NET. I’m not a language bigot, I just prefer to work in C#. Oh well… Other than a quick recompile after installing a photo gallery module, I haven’t really had to muck about in the code anyway.

Anyway, I hope to have the new ZBIC site up soon and DNN has made that possible. If you need a free content management/portal engine, you certainly should check it out.

I'm Blogging This PDC T-Shirt

Last week I got an email from Jeff Sandquist asking me for my snail mail address, ‘cause the Longhorn team wanted to send me something. Apparently because I registered by blog at PDCBloggers.net, the Longhorn team decided I was worthy.

He also asked that I not blog about this until I received my gift. Well…

It came today. A black T-Shirt that says “I’m Blogging This” on the front with a nice big PDC logo on the back.

Thanks Jeff!

PS. I don’t have a way to scan it in, but I’m sure somone else will do that soon enough.