Jerry Dennany's Occasional Clue

I read this recently on a pro-linux message board, and found it humorous:

(Matrix's Morpheus speaking to Neo)

“Microsoft Windows is a system, Neo. That system is our enemy. But when you're inside, you look around and what do you see? Businessmen, Teachers, Lawyers, Carpenters...the very minds of the people we're trying to save. But until we do, these people are still a part of that system, and that makes them our enemy. You have to understand, most of these people are not ready to be unplugged from Windows. And many of them are so innerred, so hopelessly dependent on the system that they will that they will fight to protect it. Are you listening to me, Neo? Or were you laughing at the stupid MSN fairy again?"  [1]

If anyone is searching for the obligitory .net reference, note the article title in the linked material.

News.com.com ( aka C|NET ) has an interesting bit about Microsoft's study of newsgroup and email list postings.  I wonder if some of this analysis is used in their MVP selections?  Perhaps MVP nominations in the future will be automated, and MVPs will see their “score” on some special site?

Of course, next we'll have people who figure out how to 'game the system', as the AI for this will apply weight to certain factors.  It'll be interesting to see how this technology will proceed.

<RANT>
Ok, there's been a few people who don't know better talking about how everyone should have been patched for MSBlaster already, and that all admins who haven't patched are morons.

This is a pretty easy statement to make when you are responsible for 1-10 machines, and patching pretty much means hitting windows update.

However, life isn't that simple for everyone.  In addition to my developer hat, I also have the (mis?)-fortune of being the IT manager for my company's site of ~200 nodes, with about a dozen production servers and a similar number of dev & qa servers.  We are part of a bigger, global enterprise network consisting of about 60,000 nodes.

Let me say that again.

60,000 nodes.

My site experienced no disruption by W32.Blaster.Worm, because as IT Manager, I aggressively patched our production servers 3 weeks ago, followed by an equally aggressive client patch plan.  It took two entire weeks to plan, test, and completely deploy the RPC patch across our relatively small site.  In fact, we are still playing 'whack a mole' as developers and dial in users continue to bring up un-patched systems in our environments.

I've got a pretty big advantage that many IT managers don't these days.  I have a generous IT budget that allows me to approve large amounts of overtime and software expenditures.  I still spent many, many hours of overtime making certain that we were protected.  End result?  A single computer was infected, ironically just as the user was hitting http://windowsupdate.microsoft.com from behind our firewall.

Not all of our enterprise network was so lucky.  One of our sites suffered from several hundred infections.  Our network teams quickly deployed rules at our intra-site router boundaries to prevent traffic flowing on RPC ports, at the cost of breaking several enterprise applications, including intra site and external email.  Basically, our Exchange Servers couldn't talk to each other.

Next time you are preaching about admins not deploying the patch of the day, try planning a deployment for 60,000 machines, performing enough testing to ensure that _no_ line of business applications are broken by the patch.  I guarantee that you'll have greater respect for hard working sysadmins.

Also feel free if you've always written code that is free of buffer overflow or other equally critical security bugs.  Remember that it was a developer that wrote the RPC code that is at the root cause of this security issue. 

This doesn't even mentioned the other part of our business that is governed by FDA regulations, where it can actually become a legal offense to implement an IT change without rigorous testing and documentation.  Three weeks would be lightning fast to deploy a patch in such an environment.  To deploy an un-tested patch, I would actually be risking breaking the law. (Note for my best friend, the potential FDA inspector: All CSV procedure were followed, thank you.)

(Let it be noted here that all of the above rant is my personal opinion, and in no way reflects the opinions of my employer).

</RANT>

Erik Porter's been in a quandry, though he seems to have come to a decision about whether or not to call a web service on the local machine, or the business object directly.

Interestingly enough, I was just reading Matt Powell's MSDN article that discusses this very subject: 

Performance Considerations for Making Web Service Calls from ASPX Pages. 

To quote the pertinent paragraph:

 It should be noted that thread pool limitations are exacerbated if your ASP.NET application is making Web service calls to the local machine. For instance, the test application that I created for this column calls a Web service on the same machine as the ASPX pages. Therefore, for blocking calls, a thread is being used for the ASPX page as well as for the ASMX Web service request. This effectively doubles the number of simultaneous requests our Web server is handling. In the scenario where we are making two simultaneous Web service requests (using asynchronous Web service calls), we end up tripling the number of simultaneous requests. To avoid these types of problems when calling back to the local machine, you should consider architecting your application to simply execute the code in the Web method directly from your ASPX code.

So, today I learned (via Mathew Reynolds) that Korby Parnell is piping up about the future of Visual Source Safe, calling it “100 decibels of source-controlled joy.”

After perusing the list of improvements for VSS in the Whidbey release, we find such impressive claims as “programmers will enjoy improved performance and tighter integration between Visual SourceSafe and the Visual Studio IDE."  C'mon, folks.  This claim is made in every single release of Visual Studio.  Next!

Face it, VSS is probably the worst commercial source code control tool on the market.  I believe, as a software configuration manager, I'm qualified to make this statement. The problems with VSS require a re-architected solution, and probably an entirely new product, not an upgrade release to an existing one.

The other day I mentioned that I was going to my first DotNet Users Group meeting here in Atlanta.  Someone had asked that I post my impressions, so I'll do so.
First, I'd like to express my utmost respect for anyone that has the ability and inclination to stand up in front of a group of people and give a presentation, especially in front of a bunch of techies who could likely chew you up and spit you out. There's nothing like being heckled by some of the guys who may very well have helped “write the book” on the subject that you are talking about.  That takes guts, and I tip my hat to you.
Now, on to the show.  I arrived during the pre-show festivities - the organizers were, for lack of a better term, organized.  Check in was quick, we were given a complimentary copy of ASP.NET Pro magazine, a nametag, and a raffle ticket for the schwag raffle at the end (in this case, several ASP.NET books and a few t-shirts, none of which I was the recipient of.)
The facilities were very nice, as it was located at the Georgia Center for Advanced Telecommunications Technology.  The conference hall was wired, with ethernet run to each seat location.  Very few people brought laptops, but it was obviously convenient for those who had.
The first half hour was dedicated to networking, and meeting people. As is true with many techies, this really isn't my forte, but I did find myself in a fairly interesting conversation or two. The crowd was predominantly contractors, with very few permanent employees present.  I wasn't so surprised by this, really, but I did note one thing that struck me as interesting.  Of the (few) that were admittedly unemployed, they tended to congregate amongst themselves, and generally commiserate. The self proclaimed 'successful' people also congregated, and had passionate conversations about their latest projects. Was the passion (or lack theirof) a causal factor of employment, or an effect? I'd vote the former - it's likely that people who are more passionate about their work are also more likely to be employed.
The main presentation was “Deploying .Net Applications Using Visual Studio” by Doug Ware.  Doug did a pretty good job of presenting a relatively dry topic.  As I've blogged about before, I'm not a big fan of MSI, and that's pretty much what we were covering.  In the hour long presentation, Doug showed us how VS.NET can be used to create an extremely simple deployment solution, and the cases in which it might fall short.  Let me tell you, the cases in which it falls short far outnumber the ones in which it doesn't.  If you are looking to put a simple GUI onto what would basically be an XCopy deployment + shortcuts + Uninstall capability, then VS.NET deployment solutions might be for you.  In all other cases, look towards InstallShield or Wise for your deployment solutions.  You'll thank yourself in the long run.
Still, big thanks to Doug for taking us on the nickel tour of VS.NET deployment solutions. I'd also like to thank the sponsor - but I'd also like to point this out to all sponsors of events like this.  If you've spent the money to sponsor a meeting, it's really OK to spend a minute or two hyping your company or tech. I'd forgotten who the sponsor was 2 seconds after it was announced, because they didn't have anything to say.  Really, say something, so I can remember you.  Tell me why I want to know you, or your product. You've paid for the time, use it. Remember, though - I don't want a boring marketing presentation.

 I think I'll give these DNUGs another try or two. I'm looking forward to next month's presentation, “Multi-Threading in .NET” by Doug Turnure.

I mean that literally:

Primate Programming Inc: The Evolution of Java and .NET Training

;-)