Last week I went to see "Meet the Fockers" at a movie theater in Mission Valley here in San Diego. I heard the movie was great, maybe even funnier than the first so I was excited to go check it out. My excitement severely dropped when I saw (and heard) at least four small infant babies being brought into the theater by their parents! So I prayed and hoped they would not cry… I was wrong. Not only did one or more of them cry during most of the movie but I swear that they all were crying at one time at one point! This pretty much ruined the movie for me.

I don't know about "most" parents, but when I had my kids, I did not step foot into a movie theater for many years unless we got a grandparent to watch our kids for us. It is totally beyond me why anyone would want to go take an infant or small child to a movie that is rated PG-13 or higher. Heck, kids should only be in G movies and babies should never be there!

Leave your baby at home and wait for the movie to come out on DVD or video! If you can't afford a babysitter, than this is cheaper anyway. I even said something to the parents down the row from me and they still did not take their baby out of the theater so it would stop bothering everyone around them. This is just another example of why I really don't like going out to the movies any more… I just can't take the ever increasing rudeness of the people that go. Don't get me started on cell phones and talking during the movie!!!

Microsoft .NET Is Named Best Program Development Platform In Financial Industry by Waters Magazine... pretty cool huh? Here is the complete article.

Microsoft previews 'Whitehorse' modeling tools for web applications for Visual Studio 2005. Click here for the complete article from CNet.

CNet is reporting that tech jobs are on the decline. Click Here for Article

For those of you working with ASP.NET, please be aware of the following reported security vulnerability in ASP.NET.

Microsoft is currently investigating a reported vulnerability in Microsoft ASP.NET. An attacker can send specially crafted requests to the server and view secured content without providing the proper credentials. This reported vulnerability exists in ASP.NET and does not affect ASP.

This issue affects Web content owners who are running any version of ASP.NET on Microsoft Windows 2000, Windows 2000 Server, Windows XP Professional, and Windows Server 2003.

The underlying issue is that ASP.NET is failing to perform proper canonicalization of some URLs. Microsoft Knowledge Base (KB) article 887459, "Programmatically Checking for Canonicalization Issues with ASP.NET," describes how to add additional safeguards to an ASP.NET application to help protect against common canonicalization issues, such as those related to this reported vulnerability.

The ASP.NET Team has confirmed that all versions of ASP.NET on all operating systems may be susceptible to this potential exploit. They strongly recommend you apply the following code to the Global.asax for each of your applications.

Global.asax code sample (Visual Basic .NET)

Sub Application_BeginRequest(Sender as Object, E as EventArgs)

   If (Request.Path.IndexOf(chr(92)) >= 0 OR _

      System.IO.Path.GetFullPath(Request.PhysicalPath) <> Request.PhysicalPath) then

      Throw New HttpException(404, "Not Found")

   End If

End Sub

Global.asax code sample (C#)

void Application_BeginRequest(object source, EventArgs e) {

   if (Request.Path.IndexOf('\') >= 0 ||

      System.IO.Path.GetFullPath(Request.PhysicalPath) != Request.PhysicalPath) {

      throw new HttpException(404, "not found");

   }

}

The ASP.NET team is continuing to work on this problem and will post more information once it becomes available to http://www.microsoft.com/security/incident/aspnet.mspx.

Resources

http://www.microsoft.com/security/incident/aspnet.mspx

http://support.microsoft.com/?kbid=887459

Continuing its flirtation with open source, Microsoft Corp. on Monday posted the code of a little-known collaboration application to open-source development site SourceForge.net.

[InfoWorld: Top News]

South Africa-based retailer Woolworths Holdings is set to deploy an upgraded application that it developed with the help of a new Mainsoft tool that converts code written using Microsoft's intermediate languages to Java byte code. For the complete article, go to: http://www.computerworld.com/printthis/2004/0,4814,96180,00.html

Cheap Trick played at Sycuan Casino on September 23rd 2004 in the Showcase Theater which holds about 450 people. I have to say that this was one of the best Cheap Trick shows I have witnessed. They played a collection of their hits ranging from early in their career to their latest studio album “Special One”. What made this show so good was I have never seen the band (mostly Rick Nielsen) have so much fun and they were full of energy! For a band that has been touring for over 30 years, this was truly amazing.

During the show, Rick was constantly bouncing around the stage and skipping back and forth smiling just about the entire time. Sure, he has always been the character of the group, but I have not seen him like this for a long time. Did he down a case of Red Bull before coming on stage? For most of the show, he was pre-occupied with throwing guitar picks into the audience. Yes, he does this at every show, but never like this. As some points he barely made it to microphone for his backup vocal duties.

There were two security guards positioned at the left and right sides of the stage. Rick would skip over to them and pelt them in the back of the head with a pick (I found this pretty funny). He did this multiple times. Rick also enjoyed spending time launching picks down women’s shirts that happen to be in the first two rows. The riser that Rick stands on during different parts of the show seems to be covered with picks which at various parts he would just swipe thirty or more picks at a time into the audience. I believe he was frustrated that the picks were not coming off his microphone stand correctly and he would rip about ten or more at a time off of it, most went flying straight up into the air. I stood there wondering to myself how many custom picks he has to order a year for the Cheap Trick concerts.

After one song I saw something that I could not believe and made most members in the audience gasp. Before I tell what happened, I need to say that Rick plays a different guitar on every song (you never seem the same guitar twice during a show). I would say that all of them are either custom made or vintage guitars. After this song he walked up to the front of the stage and took off the guitar and handed it to a woman in the front row (this is what made everyone gasp). She actually hesitated to even take it at first. As soon as he walked to the side of the stage to get his next guitar, his guitar rodie came and got it from her. I got the feeling that he knew this woman and her boyfriend. Also at a few points in the show he let people touch his guitar while he was playing it and even strum the strings. I have never seem him do this before.

During the pause between songs, some guy somehow got Robin Zander’s attention and started talking to him. Rick came over and pointed an audience microphone at him (which was not hooked up to the main speakers). I think this guy was saying something about how great Cheap Trick was and it saved his life or something. I’m not really sure. Rick finally walked away twirling his finger around his ear… indicating the guy is crazy. After another song or two this same guy got Tom Peterson's attention and started talking to him too. Both Robin and Tom were very polite about the whole thing.

Rick call the Sycuan theater a “mini theater” one time when he was talking to the audience. During another time, in typical Rick silliness fashion, he made fun of the Sycuan name. He call it “Suck One”. After he said this the second time, some woman in the front row that did not get that was making fun of it, corrected him. It was funny!

The show lasted the typical Cheap Trick length of one hour and seventeen minutes. The only thing negative I could say is that Robin’s voice mix though the speakers could have been better. I really liked the Sycuan theater because the seats were stadium theater style just like at the newer movie theaters and went right up to the stage. This made for a very intimate setting (I was in the 6th row). What I didn’t like about Sycuan is that it’s difficult to get to and if you want to have a beer or two before the show… forget it. They don’t serve alcohol at the casino at all.

For the first time since the Microsoft Windows Installer has been around, I have had to write a “real” install for the small startup company that I am working at. What I mean by “real” install is one that customers who purchase our product or install it for demos will actually use. I am starting this tale a week into my ordeal. While I might talk a lot about the shortcomings of the Windows Installer here, you might learn a few tricks too.

Since I am one of the very first users of Wise, I decided to use the latest copy that I have from them (since they were bought out by another company, I cannot get a hold of any newer versions) called Wise for Visual Studio .NET.  I did not want to use the installer that comes with Visual Studio .NET since I knew I would quickly run into issues with it.

Requirements

Both Wise and VS.NET will do a simple install your files and features with no issues. Wise has many more built in features than VS.NET has. However, my install has some additional requirements that I think are not that outrageous and should be simple to do. Here they are:

• Edit a web.config and app.config file.
• Install a SQL Server database.
• Install IIS if it is not installed (okay, this is a big one). Warn the user this is about to happen and allow them to back out of the install.
• Display a dialog based on a feature that the user has chosen.
• Create a virtual directory in IIS.
• Only install on Windows XP and Windows 2003.
• Create a directory and set permissions.

Except for automatically installing IIS, I do not think any of these things should be that difficult. To me, they are just normal tasks that any normal .NET application needs to perform these days. Well none of these tasks is easy with the Windows Installer/Wise. Before I continue, I need to say that the Windows Installer team has taken something that is not that difficult and have made it horribly complicated and hard to understand and even harder to test and debug. While Wise helped in some of the tasks above, I believe that the real problem lies in the lack of robustness in the Windows Installer. I come from the old Wise Installer days that use a top down scripting way of doing things. After working with the Windows Installer for a week now, I wish it were more like that.

What the Windows Installer Can Do?

One of the requirements is that our application can only run on Windows XP or Windows 2003. The Windows Installer can check for these system requirements but in a very limited way. I can set it to say it does not support any version of Windows before XP (good), but when it comes to the Windows NT versions, it can either check for all or one specific version (bad). Therefore, unless I write some custom script later, I cannot say “Requires Windows XP or Windows 2003”. All the other system requirements work in the same way.

Update: It turns out you can check for specific Windows versions with the installer (just not with the Wise IDE), but it is very confusing. After reading some of the Apress book listed at the end of this article I found out that installer properties can be Boolean or hold an actual value!?!? Okay, I have never heard of this before. Here is an example:

If you want to see if the user is running some version of Windows NT, you can use this:

NOT VersionNT

If you want to check to see if the user is running Windows XP or higher, you would use this:

VersionNT >= 501

As I am writing this, I am struggling with displaying a dialog that gathers information about a database server (server name, user name and password) so that it will only display after the Select Feature dialog if a certain feature was selected. This basically boils down to using Windows Installer events (discussed more in the “Wise or not so Wise” below).

Editing Files

Okay, this to me is a no brainer, most installs needs to edit files like web.config files, log files etc. Well, the Windows Installer does not have this capability!?!?! You have to write an external DLL or EXE to do this (which is not easy if you want to get information from the installer) or in my case, I used the Wise Script Editor (which complies to an outside EXE). While the Wise scripting worked, it was not elegant. I wanted to take a value in my web.config file like “{dbserver}” and just replace it with the real database server name gathered from the user during the install. Well you cannot…. the (Wise) script only has the ability to replace an entire line of text in a file.

Another issue with editing installed files is when to do it! With the old scripting version of Wise, it was easy, you knew when the file was installed and you then could edit it. Well, the Windows Installer does not work like that. It has these different areas called “Interface”, “Immediate” and “Deferred”. Furthermore, in these areas it has calls that is makes like MoveFiles, InstallFiles, InstallFinalize and more. So at first glance, you would just implement the editing EXE after InstallFiles… right? Wrong! In the install script, InstallFiles is not actually executed until InstallFinalize is called. Actually, everything in the script between InstallInitialize and InstallFinalize actually is queued up and run when InstallFinalize is called. Very confusing. I am still trying to understand when the Immediate and Deferred calls are run. I also found out that some of the properties (internal variables) are not available at certain places, like in Deferred. Dang!

Installing SQL Server Database

The Windows Installer cannot install (run) SQL scripts to create a SQL Server database. Wise dose have a very cool feature called “SQL Server Scripts” that will not only run scripts for your but it will even recreated a database, data and all! This saved me a ton of time.

Install IIS

Here is the big requirement and I did not think that any install program would do this and I was correct. It took me awhile to figure out how to force an install of IIS but I did right before I gave up. To do the install, the Microsoft Unattended Install program (sysocmgr.exe) needs to be called. Simply call it from the install like this:

sysocmgr /i:%windir%infsysoc.inf /u:c:iis.txt /x

The iis.txt file (that you create and install) should look something like this:

[Components]
iis_common = on
iis_inetmgr = on
iis_www = on
iis_ftp = off
iis_htmla = on

There is more information about sysocmgr.exe and the format of this file on the Microsoft web site. The iis.txt file format above is for IIS 5.0. Here is the format for IIS 6.0:

[Components]
iis_common = ON
iis_inetmgr = ON
iis_www = ON
fp_extensions = OFF
iis_ftp = OFF
aspnet= ON

There is another thing to worry about after IIS is installed. If the .NET framework is already installed, then none of the mappings in IIS for .NET pages like .aspx, .asmx etc. will be there. Therefore your ASP.NET applications and web services will not work.

To create the mappings the aspnet_regiis.exe program will need to be used (which is located in the latest version of .NET framework directory). However, this is not as easy as you might think. First, you need to figure out where the latest version of .NET is installed. This is the issue. There is a registry key called:

HKEY_LOCAL_MACHINESOFTWAREMicrosoft.NETFramework
Value Name: InstallRoot

Which will bring back “C:WINDOWSMicrosoft.NETFramework”. From there it is difficult from the registry to figure out what is the latest version that is installed. I just gave up (for now) and hard coded it to the version of the framework we are supporting (v1.1.4322). (If anyone knows of a better way, please let me know)

Call aspnet_regiis.exe like this:

C:WINDOWSMicrosoft.NETFrameworkv1.1.4322aspnet_regiis.exe -s W3SVC/1/ROOT/MyWebService

This “-s” switch will make the mappings only for the specified web site (I like this switch because this does not mess with other web sites that could have different mappings). The second parameter is of course the path to the web site.

Another thing to worry about is that with IIS 6.0, due to security reasons ASP.NET page extensions are not enabled by default. The only way I could find to do this automatically is with this VB script:

Set IIsWebServiceObj = GetObject("IIS://localhost/W3SVC")
' Enable ASP.NET
IIsWebServiceObj.EnableWebServiceExtension "ASP.NET v1.1.4322"
IIsWebServiceObj.SetInfo

Now that I have listed all the gotcha’s, the order in which these are done (as I have found out the hard way) is very important. Here they are:

1. Right before CreateFolders in the Execute Immediate section

a. Install IIS.

b. Also run aspnet_regiis.exe with the “-ir” switch (this was very critical for our install because during CreateFolders a folder is created that the ASPNET user is given access too. If aspnet_regiis.exe is not run, then this user could not exist on the machine!)

2. After your virtual directories are created in the Execute Deferred section

a. Run the VB Script that enables the ASP.NET page extensions in IIS 6.0.
b. Then run aspnet_regiis.exe as described above so that the ASP.NET pages are mapped to your web application.

Interact With The User/ Display A Dialog

As you have read, I need to install IIS if it is not there already. In the actual wsi script, I wanted to display a yes/no message box to make sure the user wants to install IIS. Well you cannot do this in the Windows Installer (not from what I could figure out). The Windows Install can display a message, but that is it. Again, I looked to the Wise Script for help. It can display yes/not message boxes and use that as the beginning of an “if” statement. Score! Well this would not work… I wanted to give the user the ability to abort the installation (because without IIS the feature they selected would not work). The problem is that the Wise Script cannot return to the install an exit code that would abort the install.

Create A Virtual Directory In IIS

Again, the Windows Install does not have the capability to create a virtual directory in IIS. Wise does and it works great.

Create A Directory And Set Permissions

While this was not easy to find in Wise, the Windows Installer can do this. It took a learning curve to get it right because the Wise documentation was not that good and an article on their web site told me to do the wrong thing. I only got it to work after a support call to them.

Wise Or Not So Wise

Now lets talk a but about Wise for Visual Studio .NET. While it has features that the Visual Studio install does not, over all it is flaky and difficult to use (if you are doing any type of custom install). One of the things that makes Wise hard to use is their lack of documentation. While it does come with a reference manual and a help file, both are severely lacking in details and “how to’s” and there literally no samples on how to do the tasks in Wise. It took me awhile to figure out the only way to get to the help file is via a dialog box… there is no way to “browse” the help file if you want to just look around and get familiar with the product. Speaking of samples, Wise does not come with any sample projects or sample scripts to help you get started. It only comes with two tutorials in one of the included PDF’s. So, if you want help on how to write VBScript files or .NET projects to interact with your install, forget it. Their help file also includes many links to the Windows Install SDK help file, which did not work even after I installed the SDK.

Unfortunately, as long as Wise has been around their documentation has not been very good. They do have a knowledgebase up on their web site, but you have to be a registered user to even use it and it is not much better than their help files. I actually found an article that told me to do something the wrong way (which caused a support call to Wise).

Now let’s talk more about why Wise is flaky. Here is an example: Sometimes it takes three or more tries (or the planets align) to add a script from the Wise Script Editor to get it to work. It never seems to work on the first try. I usually add the script… nothing happens when I run the install. Then I add it again and I get a memory error when run from the install. Then I add it again and I get another error that the program cannot be run. Then, if I am lucky the forth try (or more) it will just magically start working! There seems to be no rhyme or reason.

Setting and creating dialog boxes in Wise is very difficult. What makes it so difficult if you want to move the dialog box to a different place in the sequence during the install. Basically, you can’t. One time I just deleted the dialog, added a new one and Wise totally screwed up the dialog sequences some how. I kept getting a “loop” error and I could not figure out why. I just had to start over and create an entirely new install.

Also when adding and removing dialogs, I have found out the hard way that to move from forward and backward through the dialogs it all has to be set up in Windows Install events. You would think that Wise would help you out when adding and removing dialogs and add these events so the dialogs will appear correctly. Well Wise tries (I think) but does a very poor job. You will have to learn all about events (not as easy as you might think) and fix them on your own. It took me about half a day or more of messing with the events and conditions and testing to fix what I figured Wise should have done.

To get support with Wise and you are the registered user, you can log “Support Calls” on their web site, which are just really logging a question to their database. When you log a question, it says they will get back to you within three days! Well the good news is that they usually got back to me in one day or a little longer. The bad part is that I had to log seven of these support calls to finish my install requirements listed above.

Summary

Therefore, to end this long list of complaints on the Windows Installer and Wise, I just hope that the new version of Wise is better and comes with better documentation. I also hope that the Windows Installer starts coming out with more features and their SDK documentation get easier to read and understand. I’m fearful on what how much more difficult it will be when Longhorn is released. I just bought a book from Apress titled “The Definitive Guide to Windows Install” that I hope will help me understand more about the Windows Installer. In addition, I am completely surprised about the lack of information on the web on this subject. I Google’d for many, many hours and did not find much of any inforatmion, especially on interacting with the installer during runtime with VBScript or .NET. I did find a web site that seems like it might be of some help: http://www.installsite.org/. In addition, I found some help on the Microsoft newsgroup located at: http://msdn.microsoft.com/newsgroups/default.aspx?dg=microsoft.public.platformsdk.msi. If you have any comments of suggestions on the article, please let me know!

A Perfect Circle is releasing a new album on election day that is "a collection of songs about war, peace, love and greed".I kinda wished it would come out before the election to get us in the right mood For the entire article about this album go to: http://www.billboard.com/bb/daily/article_display.jsp?vnu_content_id=1000626795.

Netflix now has RSS feeds! Way cool. My favorite one is the "New Releases" feed. I've been using Netflix for many years and hopefully this feed will make it easier to find out what cool new movies I can add to my queue.

Another 9/11 passes and another year with absolutely no major network coverage of the event. The only show I could find today was a one hour special on the Discovery special. None of the major networks (Fox, CBS, NBC or ABC) devoted event 1 minute of prime time to this event on Friday (9/10) or on 9/11 (Saturday).  My thoughts I wrote last year (Remember Those Who Unwilling Gave Their Lives: 9/11) still ring true this year… sad. It’s sadder that the only time we really hear about 9/11 is when one political party is laying blame on the other or the president is using it to get himself re-elected.

The layers of security I use to keep criminals at bay .

Tim Anderson: SP2 debate exposes deeper problems.

ZDNet's David Berlind: SP2's new firewall: better than nothing, but not good enough.

Security is an interesting issue. How much security is good enough?

Let's get out of the computer world. Let's talk about heirloom jewelry. My wife, Maryam, has a bit of jewelry. Does she store it here in the house? No. Why not? It's not secure enough. Where does she store it? In a safe deposit box in a bank. Let's talk about a bank's security and how many layers it has.

1) The jewelry is stored in a safe deposit box with a lock.
2) There's a camera on the box area, so if something goes missing they can verify what happened later.
3) Each box is alarmed. So, if you try to break into someone else's box, an alarm will cry out.
4) The safe deposit boxes are stored inside the bank vault. Three feet of concrete and steel with a very sophisticated lock on the door.
5) Video cameras on the vault door to verify who goes in and out.
6) The vault is behind a counter and you aren't allowed to go near it unless an employee lets you in.
7) The vault is in a building that's designed to be difficult to break into. Alarms. Heavy duty doors. Lighting that makes it easy to see in.

I'm sure there's more layers too that I'm not even aware of. But, let's not dwell on this. The point is that there's multiple layers of security all to protect my wife's jewelry. Let's say any one of these layers failed. Her jewelry would still be safe. It would take multiple failures for a criminal to be able to steal her jewelry.

So, what's my point? Well, when it comes to computer security you should have multiple layers as well. If you have multiple layers of security, then any one layer -- even if it's not well designed -- will prove sufficient in keeping criminals away from the digital equivilent of your jewelry.

If you visit www.microsoft.com/protect you'll see the layers that Microsoft is recommending. For me, I go further. Here's what I'm doing now.

1) Install Windows XP Service Pack 2. This update has many protections against attacks (recompiled code, closed APIs, firewall on by default, all known patches, etc).

2) Get a good anti-virus program. Visit www.microsoft.com/protect for some suggestions, including a Computer Associates one that's free for first 12 months. Why is this important? It'll protect your system from all the known viruses, worms, and trojan horses.

3) Get a good two-way firewall on every machine. The Sygate Personal Firewall is free and is good. Zone Alarm is another popular choice. Why don't I just use the firewall that's included in XPSP2? Because it is only a one-way firewall. Sygate's watches activity going on from both inside your computer as well as out on the Internet. What if your company already has a firewall? That's not enough. You need one on every machine now because if someone takes a laptop outside of your network, gets infected, then comes back in, they'll infect you too. In fact, I use two firewalls now, even at work (one software that runs on all my machines, and one that hooks to the network before I even hook a machine to it). XPSP2's firewall is definitely better than not having a firewall at all, but for some people like me it's not enough.

4) Get a hardware-based firewall or NAT at point of network entry. Why? Because many of us attach unpatched computers while installing, or want to play networked games, or have other reasons for turning off our software firewalls (some software won't work through firewalls). Plus, even if you don't turn them off, provides one more barrier that hackers have to go through. Again, it's about layers of security and not needing to rely on any one security device.

5) Turn on automatic updating. Visit www.microsoft.com/protect so you'll always have the latest security patches. Why do that? Because software evolves. We learn about mistakes we made in our code. We find new ways to keep criminals out. If you aren't running the absolute latest software, you're vulnerable (and this is true if you're on Linux or the Macintosh too).

6) Run the latest email and Web clients. Outlook 2003 and the latest Outlook Express, for instance, has another level of security against running exe's (you can't even run them if emailed in the latest versions, but if you used earlier versions they didn't have those protections). If you are running Firefox or Netscape, they regularly fix vulnerabilities in their products too. Always run the latest. That's the safest.

7) Visit www.microsoft.com/security regularly. for the latest information on security threats. That's the official place where Microsoft will communicate about security threats and/or the latest updates.

8) Run at least one good anti-spyware program like Adaware or Webroot's Spy Sweeper or Spyware Blaster. That'll make sure that no spyware sneaks onto your system. With XPSP2 I've found that spyware is far less likely to get onto your system, but I've already found one site that has some spyware that gets past XPSP2. So, you'll need to still check, particularly if you visit "high risk" sites (sites that aren't known to you, for instance, or adult sites which are famous for putting spyware on your systems).

9) If you visit high-risk Websites, turn off ActiveX and scripting in your browser. (I turn off scripting even on Firefox when I'm visiting high-risk sites -- you all can guess what I'm talking about here. It's just too risky.) In Internet Explorer, just visit Tools/Internet Options. Click on the security tab. Then move the security slider to "high." That'll disable both ActiveX and scripting.

10) Don't run in administrator mode. I'm slowly moving my machines to not running in administrator mode. That way if something does get through all the protection it can't do as much damage. Out of all the steps here, this one is the hardest to do, though, because a lot of things don't work on Windows if you're not running as administrator.

11) Keep an install partition on each of your machines. I put a backup version of my Windows XP install CD on the second partition so that if all else fails and my machine is taken down, I can quickly repair the system and get back up with nothing more than a boot floppy that any machine can produce (since my install bits are on the second partition I don't need to do anything fancy to get back up).

Update: Chris Coulter says that an even better thing to do is to get a second hard drive and put an image of the first drive on the second (he recommends Norton Ghost). If something happens to the first drive, you can build a new image off of the second drive and be back up and running within minutes.

12) Don't allow anonymous users on your wireless network. Why not? Because if they have been infected then you'll have invited them behind several layers of your security. Plus, a criminal could use your line to send spam or infect other people. Do you really want to help those people out?

13) Use better passwords. Come on, I know some of you aren't using good passwords. For instance, I knew one person who'd just use "password" as his password. That meant his machine could be broken into very quickly (never use a single word as a password -- hackers have dictionary cracking tools that can break such passwords ). Read Robert Hensing's advice. He's a security expert here at Microsoft and works in support and explains a good way to choose passwords that are hard to break.

14) Backup your data regularly. It's amazing how few people backup their stuff. Hard drives die. Things happen. If you have backups, you'll be OK even if your machine gets wiped by something. Personally most people don't need to do it very often. I backup once a month. Why? I'm willing to lose a month's worth of stuff. (Most of my important stuff is in Outlook and that's backed up automatically by the company I work for).

Anyway, my whole thing is to treat your computers like you treat valuable jewelry. Put up multiple security barriers. This is true, by the way, whether you are on a Mac or Linux too. All the above except for loading XPSP2 apply to you too. Just because the criminals aren't attacking your systems right now doesn't mean they won't in the future. That's like saying "well, if I hide my jewelry in a box at the North Pole the criminals aren't going to take the time to go there." That might be true, but is that really a good way to approach the world?

What do you think? How many layers of security do you have? How many do you need?

You might not need all the above, by the way. At home I don't have an alarm. I don't have video cameras. I don't have a vault with three-feet of concrete between me and any potential criminal.

So, the 14 security layers I use for my computers might be overkill for you. Which layers above do you choose not to have and why?

[Scobleizer: Microsoft Geek Blogger]

I just heard the other day from a source with very close ties with Microsoft that VS.NET 2005 might slip 6 months. This source said the target manufacturing date was March 2005, now it might be September? Maybe later? Should we be calling this VS.NET 2006?

Let me first start off saying that I am a HUGE Cheap Trick fan. I buy anything they put out. While this DVD is great, it is not a live DVD... it is really a documentary (or rockumentary). With that in mind, it has great insight to the history of the band that I never knew like Tom invented Pop Tarts and Rick's dad was a famous opera singer.

I was let down that there is no way to watch the concert footage (most of it new songs) in its entirety.

There are data syncing issues with this model and other strange behaviors. Unfortunately Viewsonic is no longer offering an upgrade to Pocket PC 2003 which should fix some of these issues. Here is the response from their technical support: "The PPC 2003 upgrade CD for the Pocket PC V37 is no longer in production.". I personally would not purchase anything that can't be upgraded! Buyer beware! The screen resolution is not that great either.

Quake Shakes San Diego . An earthquake hit San Diego Tuesday with enough force to make more than a few San Diegans nervous. Where I work, some people actually stood up and exclaimed "... what was that?". I wonder... if a tornado hit the building they would be asking the same question. Then a bunch of people ran to the window as to try to witness massive distruction. FUNNY!

So I actually went to a book store today (I usually shop at Amazon.com for books) to go looking for some .NET books. Much to my surprise there isn’t a .NET section (at Bookstar at least). I found that they have books on .NET spread throughout the web,  c/c++,  vb, database and network sections. I found it strange they have an entire shelf section dedicated to Visual Basic, but not .NET?

A friend of mine told me later that day that the publishers like this… but for me, having a limited amount of time in the store, I found it frustrating to find the books I was looking for.

Today is the final day of TechEd and I woke up hurting all over… my feet, my head, my back and the rest of my body. Also today is the first day of the entire conference that I made it to the first session of the day (9 a.m.). The rest of the time I could not bring myself to get up that early and drive down to the convention center. Here are the final sessions that I went to:

• .Net Security In The Real World - Examples From Corporate America
• Visual Studio: Deploying .NET Applications with Ease
• Defending Against Layer 8: How to Recognize and Combat Social Engineering
• IIS Data Mining with Log Parser

I attended my first “cabana” session today. These were small open areas in the Sail Pavilion that had seats for about 20 people. I kind of liked it because the speakers were more laid back. The problem was because the light came from the sun, it was near impossible to see the plasma screen they used. If it weren’t cloudy, it would have been impossible!

The speaker for “Defending Against Layer 8” (Steve Riley) was hands down the best speaker of the entire conference. He kept the lights on and did not stand on the podium at all. Instead he walked around the huge room and really engaged the audience. He was so energetic and had a great attitude even though his talk was next to the last of the conference. He also seemed to have the largest audience of the day and got the most applause at the end of his talk than any other session I attended the entire conference. One thing Steve mentioned was that he never uses the computers in the Commnet area to check his e-mail because someone could put a keyboard sniffer on them. Well he is completely correct… I use to work for the company that did Commnet (located in Carlsbad) for TechEd last year and they found keyboard sniffers on some of the computers. So attendees beware!

Is it just me or did some of you notice too that the presenters had a lot of programs running in their taskbar? One presenter today had 11 and another had 13! Okay, maybe I’m the only one around that is minimalist and keeps as few things running the in the taskbar as possible for performance reasons?

It’s been 1.5 years since I have been at a conference, but I still see that the number of women engineers does not seem to be growing at all. Also I noticed that the number of engineers with long hair have decreased (I only spotted two others). Maybe I should finally cut mine… not!

After the sessions were over, I meet up with my friend Stan and my new friend Ambrose and we hit the Gaslamp area. We went to The Field for food, played pool at San Diego Billiards, hit Dick’s Last Resort and back to the W for a few drinks.

Summary
To sum up, I think TechEd was great. I would say it was the best conference I’ve been to. I was very impressed on how Microsoft ran the conference. I wished there were less Microsoft speakers and more “real world” speakers. I also wished the talks were more technical and less “50,000 foot level”. Some people told me that the PDC is more technical, but I figured with “tech” in the name of the conference, it would be more technical than it was. I hope TechEd comes back to San Diego soon!

Business Card Count = 3

For more pictures click here.

Day five of the TechEd conference… the wear and tare of going to a conference it starting to hit me… having to drink coffee in the afternoon. Here are the sessions I went to today:

• ASP.NET: Blackbelt Web Forms Programming
• SQL Server Data Access Developer Don'ts (10 Things You Currently Do That You Shouldn't)
• ASP.NET: Tips and Tricks for Building Server Controls
• ASP.NET: Best Practices for Managing and Operating IIS 6.0 and ASP.NET Solutions

At lunch I did my pass through the exhibit area since it was the last day for them. I gathered information I could take to the next meeting of the user group I hope run (San Diego .NET Developers Group). One thing I did notice was that it seemed that there were more vendors focued on the IT pro type person… not on the software developer. I thought TechEd was a developers conference… guess I was wrong.

After the sessions Microsoft rented out Sea World for the attendee party! It was pretty cool going to an amusement park and not pay for anything! Got to walk on to rides and exhibits. It was fun… thanks Microsoft!

Business Card Count = 3

For more pictures click here.

Today, day #4 of the main TechEd conference I had more energy that I thought I would. Usually by this time at conferences I’m running low in that department. The sessions I went to today were:

• Connected Systems: Using Web Services Enhancements v2.0 for Messaging Over Multiple Machines and Networks
• Smart Clients in a Service-Oriented World: Thomson Financial Case Study
• SQL Server 2000 Reporting Services: Managing a Reporting Services Implementation
• Improving Application Performance and Scalability

I think one of the reasons we all could keep our energy up was that throughout the day and throughout the conference area there were always coffee, snacks, soda and bottled water available. So any time we wanted, we could fuel up!

I made an effort at TechEd to not go to any Whidbey talks. Why? Easy, it’s a year away. Sure I want to learn about it, but it’s not even in an alpha release. I thought the conference focused too much on future technologies and not enough on the current ones.

They gave us two hours for lunch, so I spent the majority of that time doing what I call “slumming” for the user group that I help run (San Diego .NET Developers Group). What I do is go to all the vendors that I think could help out with the group by either donating software or come speak at a meeting. All of the vendors I targeted seemed into it… we shall see.

After the session I was invited to a private party thrown by Microsoft for people they call “influencers”.  They rented all of the Dicks Last Resort bar/ restaurant and the billiards hall above it for three hours. It was a lot of fun. After that, my friend Stan and I went over to his hotel, the W, and hung out at the upstairs bar which is mostly a sand beach type of thing. That was pretty cool too.

Business Card Count = 6

For more pictures click here.

Well today is day two of the main TechEd conference. I happened to make it for the last half of the keynote speaker (Andrew Lees, Corporate Vice President, Microsoft Server Tools Marketing Worldwide). He announced a number of new things coming from Microsoft including that all developer tools will have 10 years of product support and that SQL Server 2005 will include data encryption. Cool!

Here are the sessions that I attended today:

• XML Today and Tomorrow
• ASP.NET: Building Secure Web Applications-Defenses and Countermeasures
• Visual Studio: Programming Middle-Tier Business Logic

As I was sitting in these talks, I noticed that it seemed to me that a large number of Microsoft speakers have some sort of British accent. I checked with my friend later in the week to see if he noticed the same thing and he verified my thinking. I’m curious to know why this is. Do they make for better speakers? More charismatic? I wondered.

Today was the first day I went down to the exhibit area. I had a mission of just signing up for all the prize giveaways. Do my dismay, I found out when I got to some of the vendors (HP to name one) they made me go to three or more other vendors to get a card stamped before you could be entered for the prize. So I ran around the (huge) exhibit area and did as they instructed only to find out that I had to come back later in the week because I had to be present to win? What a scam! Some of the times they picked to give out the prize were the same time sessions were happening. Not cool at all vendors! From then on I only entered giveaways that they would notify me via e-mail or phone that I won.

Also I went and had my first TechEd lunch in the massive lunch area today. I have never seen a dining area so big (see picture)! There were 970 tables that sat 10 people each and an army of waiters/ waitresses that corralled you to your table and served you iced-tea. I was very impressed how they pulled this off and the food was good and hot! No boxed lunched the entire week! They even had special lunches for vegetarians, vegans, lactose free and more! I also found out that the convention center donates any leftover food to two different shelters located in downtown San Diego. Very cool!

Early that evening I went and attend the Regional .NET User Group Meeting (put on by the San Diego .NET Users Group) held at the Horton Plaza Westin. It was a very informative meeting featuring a speaker from the Microsoft VB.NET team and one from the C# team, each giving a separate talk on what is coming in VS 2005. Lots of cool things coming next year, but I have to say the VB.NET teem needs to add the refactoring that C# has!!!

My friend Woody and I found out about a party that MSDN Magazine was throwing at The Bitter End. On our way there (in an attempt to crash it), we meet up with Ari Bixhorn (from VBTV fame at Microsoft) and someone convinced him to go to the party with us. He had a pass in his hotel room… without him I don’t think we could have gotten in. Thanks Ari!

Business Card Count = 1 | Free Shirt Count = 4

For more pictures click here.

TechEd Day 2... well I arrived right after the keynote given by Steve Ballmer, which I hear was pretty good. He officially announced Web Services Enhancements (WSE) 2.0. To learn more click here. I also heard that the conference “over” sold out. There are 12,000 geeks in this place. WOW! I have never seen so many at one place in my life.

The rest of my day was filled with going to the following sessions:

• Service Orientation and the Windows/.NET Developer
• Prescriptive Guidance-Juggling Web Services, WSE, .NET Remoting, System.EnterpriseServices, and MSMQ
• Applied Web Services in Hewlett Packard's Core eCommerce Solutions
• Best Practices for Dealing With State at Multiple Layers Within Your .NET Applications.

All of these sessions were in the Connected Systems topic group. Unfortunately, most of them were kind of a let down, especially the first one. The last one was the best out of the bunch.

I was impressed how nice the San Diego Convention Center people were and there were always (free) food and drinks (including bottled water) outside of the session rooms at all times. On my way out for the day I stopped by the TechEd store to pick up some shirts.

Free Shirt Count = 2

For more pictures click here.

TechEd Day 1… actually the pre-conference day, but I did not go to that. Instead, I went to the INETA User Group Leader Summit on behalf of the user group that I help run called the San Diego .Net Developers Group. This meeting had over 70 user group leaders from around the country and a few from other countries. It was great to learn about how INETA can and is planning to help our user group. I meet some old friends and made some new contacts that I hope will be useful in the future for our group.

Besides a cool bag of swag we received when we arrived, the meeting was followed by an open-bar cocktail party (see picture to the right) and another very cool bag of swag provided by MSDN.

Business Card Count = 4 | Free Shirt Count = 3

For more pictures click here.