Rants, rambles, news and notes from another geek

Another One Bites the Dust

On Friday I repaved my laptop again. As many of you know, I do this about every 6-8 weeks, but now that I return to Redmond once a month, I’ve started aligning my repaves with my trips to take advantage of the corporate PXE installation services. This one was after two trips, which was about 8 or 9 weeks.

It is amazing how fast I’m getting at this. The more you do it, the more you organize yourself to make it easy, the easier it gets.

Within three hours I had my machine back to usable. In the few days since then I’ve installed things as I’ve needed them, using my previous repave notes as a guide for things I might’ve forgotten.

Here’s the list this time (so far):

  • IT Supported Vista SP1 x86 + Office + eTrust
  • Configure Bluetooth Mouse
  • ISA Firewall Client
  • Office Communicator
  • Configure Consolas as System Font
  • Wow
  • Flash Player for IE
  • Ventrilo 3.0.1
  • Zune Player
  • HotKeyPlus
  • Firefox 3.1
  • Java Runtime
  • Powershell 1.0 for Vista
  • Sidebar plugins:
    • All CPU Meter
    • Wired Network Meter
    • Wireless Network Meter
    • Woot!
  • NcFTP
  • PasswordMinder
  • GnuWin32
  • Chatzilla
  • Live Messenger
  • Vim 7.1
  • 7zip
  • ctrl2cap
  • LiveWriter Technical Preview
  • Flash Player for Firefox
  • Firefox Profile
  • Launch and Setup Outlook
  • ooVoo
  • My Profile Stuff (Desktop, Docs, Music, etc.)
  • Adobe Acrobat Reader
  • Twhirl

I blogged about this process once before over here: Another Agile Computer Repave Done

#DotNetNerds – an IRC Channel for Us

In my last post I mentioned my return to IRC. I did some digging around on freenode.net and efnet.org, but couldn’t seem to find a channel for .Net nerds to hang out.

So I created one: irc://freenode/DotNetNerds

Go grab yourself a copy of Chatzilla, or X-Chat or use mibbit.com, and come on over to freenode.net and the #DotNetNerds channel. Maybe something interesting will happen there. You never know unless you try.

TechEd Online – Visual Studio Team System Panel – Meet the Team

At TechEd last month I was part of a VSTS panel called “Meet the Team” with Brian Harry, Norman Guadagno, Gert Drapers, Habib Heydarian and Neelesh Kamkolkar. It was a fun talk (I arrived seconds late and ran on stage after it started–hence that empty leftmost seat in the picture) and we covered a lot of VSTS Rosario material in a short time.

Here are the links for your viewing pleasure:

  • Windows Media - High [http://microsofttech.fr.edgesuite.net/TechEdOnline/Videos/08_NA_Dev_TEOPanel10_high.wmv](http://microsofttech.fr.edgesuite.net/TechEdOnline/Videos/08_NA_Dev_TEOPanel10_high.wmv)
  • Windows Media - Low [http://microsofttech.fr.edgesuite.net/TechEdOnline/Videos/08_NA_Dev_TEOPanel10_low.wmv](http://microsofttech.fr.edgesuite.net/TechEdOnline/Videos/08_NA_Dev_TEOPanel10_low.wmv)
  • MP4 [http://microsofttech.fr.edgesuite.net/TechEdOnline/Videos/08_NA_Dev_TEOPanel10_high.mp4](http://microsofttech.fr.edgesuite.net/TechEdOnline/Videos/08_NA_Dev_TEOPanel10_high.mp4)

(I think I mentioned this once before, but I’m not sure I linked to the videos.)

Dark Theme for Chatzilla

Over the years I’ve been an occasional IRC user. It is far from perfect, but IRC is much better than IM for maintaining that “in the room” experience when talking, collaborating, etc. My favorite IRC network is freenode.net. There are a lot of interesting technical channels there and there seems to be less noise than on other networks.

Until recently I was an x-chat user, which was one of the better clients out there, but has since fallen into a state of confusion when the project coordinator decided to take the project and start charging for the Windows client. So I went looking for a new client and found Chatzilla for Firefox.

Not a bad client at first glance. The first thing I wanted to do was change the color scheme, but there didn’t seem to be a UI for it. Then I realized that since it is a Firefox extension, it is probably written in XUL and would be styled using CSS. A few hours later, I had this scheme worked out, loosely based on Brad Wilson’s Dark Visual Studio scheme.

DarkChatzilla

If you want to give this scheme a try on Chatzilla, here are the files:

DarkChatzilla.zip (6.7k)

To use this, extract the zip somewhere on your drive (I put it in $home\Chatzilla). Then just drag the CSS file onto your Chatzilla window or browse to it from the Preferences window.

RSS and 301 Redirects

Apparently when I switched over to my new blog engine I accidentally abandoned a number of RSS subscribers. Not because I didn’t do something I shouldn’t have done, but because a large number of RSS readers don’t do what they’re supposed to do.

They don’t do the right thing when presented with a 301 Redirect.

A 301 Redirect is a permanent redirect. When a client is presented with one, it is supposed to do what it can to update itself so that it does not use the old link anymore.

According to RFC 2616 Hypertext Transfer Protocol – HTTP/1.1, Section 10.3.2:

**10.3.2 301 Moved Permanently**

The requested resource has been assigned a new permanent URI and any future references to this resource SHOULD use one of the returned URIs. Clients with link editing capabilities ought to automatically re-link references to the Request-URI to one or more of the new references returned by the server, where possible. This response is cacheable unless indicated otherwise.

The new permanent URI SHOULD be given by the Location field in the response. Unless the request method was HEAD, the entity of the response SHOULD contain a short hypertext note with a hyperlink to the new URI(s).

If the 301 status code is received in response to a request other than GET or HEAD, the user agent MUST NOT automatically redirect the request unless it can be confirmed by the user, since this might change the conditions under which the request was issued.

Note: When automatically redirecting a POST request after receiving a 301 status code, some existing HTTP/1.0 user agents will erroneously change it into a GET request.

More than a year ago, I redirected http://www.peterprovost.org/Rss.aspx to my FeedBurner feed at http://feeds.feedburner.com/GeekNoise. So when I moved my new blog engine over last month, I assumed nobody was using the old /Rss.aspx address.

But my good friend Brad Wilson let me in on a tip: Lots of RSS readers, including some of the big web-based readers, treat 301 Redirects like 302 (temporary) redirects.

That sucks big time. The reason the HTTP protocol has 301 is to allow site publishers to deprecate old addresses in favor of new ones and if some of the major clients out there ignore it, they’ve taken away that ability from us. Booo!

So, if you are seeing this as my first blog post in months, you are probably still subscribing to my old feed address. Please update your address with my new address when you get a chance. Thanks.
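What a feed reader that honors the 301 semantics quoted above could do, as an added example that is not code from this post or from any real reader: `refresh`, `table_fetch`, `demo` and the subscription dict are hypothetical names, and the responses are constructed so it runs offline. It goes slightly beyond the post by also refusing to persist a 301 that sits behind a temporary hop.

```python
from urllib.parse import urljoin

MAX_HOPS = 5
OLD = "http://www.peterprovost.org/Rss.aspx"       # addresses from the post
NEW = "http://feeds.feedburner.com/GeekNoise"

def refresh(subscription, fetch):
    """Fetch a feed; persist the new address only for permanent moves.

    subscription: dict holding the stored "url" (hypothetical reader state).
    fetch: callable url -> (status, headers, body), a stand-in for HTTP GET.
    """
    url = subscription["url"]
    all_permanent = True          # False once any hop was not a 301
    seen = {url}
    for _ in range(MAX_HOPS + 1):
        status, headers, body = fetch(url)
        if status not in (301, 302):
            return status, body
        location = headers.get("Location")
        if not location:
            raise ValueError(f"{status} without Location from {url}")
        target = urljoin(url, location)   # Location may be relative
        if target in seen:
            raise ValueError(f"redirect loop at {target}")
        seen.add(target)
        if status == 301 and all_permanent:
            subscription["url"] = target  # re-link, per RFC 2616 10.3.2
        else:
            all_permanent = False         # behind a temporary hop: do not persist
        url = target
    raise ValueError("too many redirects")

def table_fetch(table):
    """Build a fetch() over constructed responses so the example runs offline."""
    return lambda url: table[url]

# Constructed responses: the old address answering 301 versus 302.
MOVED = {OLD: (301, {"Location": NEW}, ""), NEW: (200, {}, "<rss/>")}
FOUND = {OLD: (302, {"Location": NEW}, ""), NEW: (200, {}, "<rss/>")}

def demo():
    permanent, temporary = {"url": OLD}, {"url": OLD}
    refresh(permanent, table_fetch(MOVED))
    refresh(temporary, table_fetch(FOUND))
    return permanent["url"], temporary["url"]
```

A reader that treats 301 like 302 behaves like the second case every time: it keeps polling the old address and loses the feed the day that address stops answering.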

Happy Birthday My Lovely Wife

Today is Emily’s 35th birthday. She is the light of my life. Elegant, smart, funny, witty and fun to be with. A great mom, wife, sister and daughter. She makes everyone around her laugh and have fun.

I can’t imagine life without you Em.

Happy Birthday!

Update: Emily made me change the pic to one she likes better. LOL. This is us in Sydney in 2006.

Using the VSTS April 2008 CTP With Hyper-V

I found this little gem out there today:

How Steve Got Burned Today: How To: Get the TFS “Rosario” April 08 CTP running under Hyper-V

Running VPC images in Hyper-V requires some tweaking here and there, and Steven St Jean has figured it all out for you. Since our April 2008 CTP ships as a VPC, those of you wanting to run it in Hyper-V should take a look at this. It is also useful information if you’re doing this with other VPC images.

World of Warcraft Goes to Two-Factor Authentication

At Microsoft we’ve been using SmartCards for remote and building access for quite a while. This kind of authentication is called two-factor authentication because you use two different things to prove who you are, instead of just one (e.g. a password).

Two-factor Authentication on Wikipedia:

An authentication factor is a piece of information and process used to authenticate or verify a person’s identity for security purposes. Two-factor authentication (T-FA) is a system wherein two different factors are used to authenticate. Using two factors as opposed to one delivers a higher level of authentication assurance. Using more than one factor is sometimes called strong authentication.

Recently the game of World of Warcraft has been plagued by a rash of accounts getting hacked. Typically this is caused by a combination of things:

  • The user is probably running as an administrator on their machine (I don’t do this)
  • They probably don’t have all their security software up-to-date (I do this constantly)
  • They were probably browsing websites that have either been compromised by a hacker or are specifically there to attract WoW players (I don’t do this)

The end result is that they get a keylogger trojan installed on their machine. Apparently, this costs Blizzard a huge amount of money to address, so recently they announced a new two-factor system that uses a One Time Password token that the user must use with their regular password.

One-time Password on Wikipedia:

The purpose of a one-time password (OTP) is to make it more difficult to gain unauthorized access to restricted resources, like a computer account. Traditionally static passwords can more easily be accessed by an unauthorized intruder given enough attempts and time. By constantly altering the password, as is done with a one-time password, this risk can be greatly reduced.

There are basically three types of one-time passwords: the first type uses a mathematical algorithm to generate a new password based on the previous, a second type that is based on time-synchronization between the authentication server and the client providing the password, and a third type that is again using a mathematical algorithm, but the new password is based on a challenge (e.g. a random number chosen by the authentication server or transaction details) and a counter instead of being based on the previous password.

Blizzard’s token system is based on the time-synchronization method. The token is a small USB keyfob with an LCD display and a button. To use it, you first configure your account using the token’s serial number. Then when you login, after providing your username and password, you press the button on the token and enter the number displayed on the screen.

Is this kind of thing foolproof? No, of course not. But since most WoW hackers were having their keyloggers post the username and password to a server somewhere for illicit use later, the number will most likely have expired before they get to it. (See Bruce Schneier’s article The Failure of Two-Factor Authentication for more information about the vulnerabilities in these kinds of systems.)

Even though I’ve never had issues with my account security, I ordered mine the day they became available. Apparently so did many other WoW players… Blizzard sold out in an hour. Mine came on Friday and it works great.

SQL Load Test Tool

Ed. Note - The VSTS Rangers are at it again, this time with a great tool that generates VSTS Unit Tests from SQL Trace files. These tests can be then used as part of a VSTS Load Test. Nice!

Project Description

This tool takes a SQL Profiler trace file and generates a unit test that replays the same sequence of database calls found in the trace file. The unit test is designed to be used in a Visual Studio Load Test. The code generated is easily modifiable so that data variation can be introduced for the purpose of doing performance testing.
The tool generates code for both Visual Studio 2005 and Visual Studio 2008. The source code is a Visual Studio 2005 project.
This is a V1 release with some known limitations which are specified in project description.

Why Load Test SQL?

There is a lot of code out there that makes load testing the application very difficult. The most common type is a client application that contains direct database calls. The application however is not structured to allow the business logic to be exercised without the GUI. Another common scenario is a legacy application written in a language such as Visual Basic 6. In cases like these, it can be difficult to load test the application without a GUI test tool, which introduces other disadvantages. GUI test tools are notoriously difficult to use, generally lead to brittle tests and also have limitations in scaling the load injectors sufficiently to exercise the servers.
This tool offers one possible alternative. You start with using the client application to generate a trace of the SQL statements which typically represent a usage scenario. You can then turn the trace into equivalent ADO.NET code program that can be used in a load test.

Tool Description

The tool generates a Visual Studio 2005/2008 Unit Test from a SQL Server Profiler trace. It extracts all the SQL statements and stored procedure calls from the trace and turns them into a single Visual Studio Unit Test, which can then be configured as a Visual Studio Load Test. The tool does not interact with the database itself when it analyzes the trace and generates the test code. It can therefore be used in “offline” scenarios.
The generated code needs to be customized to include a connection string to the database under test. That code also includes hooks to allow the user to customize the parameters that are passed to the SQL statements and stored procedures, so that variability can be introduced into the data to prevent caching from producing artificially high performance figures.
The tool is intended to be used in conjunction with a client program that runs against a database. A trace of the client’s SQL Server activity is captured using the SQL Server Profiler. This represents a test scenario, which is then processed by the tool to produce a Unit Test that replays the scenario.

More Information, Downloads and Discussions

CodePlex Project Home Page - http://www.codeplex.com/SQLLoadTest

Scrum of Scrums Haiku

My Scrum of Scrums has
Become something other than
What I want it to be

It should be simply
A coming together of
Technical people

Instead it becomes
Like a management review
In lieu of sharing

What did you do since?
What will you do until we?
Is something blocking you?