I just got this message from Skype about a security update:



Apart from the stray non-printable control char after the question mark, this is pretty much the way security update notices should go out for consumer applications.

The security fix only works if people download and run the update, and if the message can't be read by the intended audience because it is deep in techno-babble your patch is all for zip.

It reminds me of way-back-when comparing iptables on Linux 2.4 vs. IPF in OpenBSD 2.x.  The one factor that made OpenBSD more secure for me in this case was the rules were written in words the config file rather than as parameters to iptables making them less error prone and hence more secure.  I believe both those tools are now left to history now anyway...

Anyway, well done Skype

(NB:  They also blog

...from now on you can find your own

I keep finding things on flickr that I can't believe how cool they are.

Today's link is to the Stick Figures In Peril photo pool.  Who could not like the idea of people sharing photos of stick figures in peril? 

Hey,

Just a quick note, sorry if anyone has visited this site and been welcomed with an ugly message like:

Server Error in '/' Application.

Could not find a part of the path "C:\Inetpub\[...]\blockedips.config".

There is a bug in the software that makes this bug happen, but the developers are onto it and a fix is coming.

Thanks

I love it when a word comes to the surface that really fits its need. 

Julian Burnside (offical web site caution: Ugly!, selected history) wrote well on it in his book Wordwatching although he was talking about Black Holes:  Places in English where dispite our vast vocabularly and rich idomatic variations, it [English] lacks words for some common and useful ideas. (p19).  These black holes are unnaturalized foreign words.  Faux pas and deja vu make for common French examples and Schadenfreude from German.  The point of these are that the word as it is fits exactly the sentament. 

Douglas Adams, famed creator of The Hitchhikers Guide to the Galaxy also took on this subject in his book The Meaning of Liff (with John Lloyd, who later produced Blackadder), where he took little-used British place names and gave them definitions so that they could be used in conversation.  Kind of like a Robin Hood for the language:  Take a word from where no one cares much and give it to common usage.  Adams' purpose is closer aligned with this blog post than Burnside's broad historical take.  For example Skibbereen (in reality a city in West Cork, Ireland) should now mean: the noise made by a sunburned leg leaving a plastic chair.  The point of this further distraction is the meaning is not only familiar adn unnamed but modern.

To the point of all this, today I learned about the phrase Yak Shaving.  It describes situation you get yourself into when in order to do a given task you must first do another task, which itself cannot be done until you do a third task, and before long you are doing something that is completely unrelated to the task you actually intended to do but logically must preceed it.

The Wikipedia article has an excellent (allbeit New York-centric) example, as follows:

I want to wax the car today.

Oops, the hose is still broken from the winter. I'll need to buy a new one at Home Depot.

But Home Depot is on the other side of the Tappan Zee bridge and getting there without my EZPass is miserable because of the tolls.

But, wait! I could borrow my neighbor's EZPass...

Bob won't lend me his EZPass until I return the mooshi pillow my son borrowed, though.

And we haven't returned it because some of the stuffing fell out and we need to get some yak hair to restuff it.

And the next thing you know, you're at the zoo, shaving a yak, all so you can wax your car.

NB: This example actually refers to shaving a Yak, but that is only to illustrate the point.  Really it can be any kind of multi-level distraction.

The UI has had a bit of a make over.  It renders well in Firefox (watch the vids!)

While giving flickr a congratulatory aimless surf and tagging some of my own recent photos, I came across some exceedingly cool graffiti and also this bit of chalk graffiti from the streets of London.  I'm a big fan of stencil graffiti and there is just too much cool stencil and chalk work on flickr.  Go on, you have to check this out!

One thing I like most about flickr however is that the Yahoo! juice is just subtly in the background.  I'm not a big fan of Yahoo!  I don't hate them, I just never learned to love them.  To me now, flickr is 0%-suck.  If the Yahoo! banner was in your face all the time it would never be able to not suck at least a little.  MSN/Hotmail/Live - Are you listening?

On the topic of graffiti, I'm not a fan of tagging.  Nothing too deep, just that for the most part it's ugly.  It was interesting to see that Marc Ecko's tagging of Air Force One turned out to be a hoax.  Had to be really and I don't think anyone actually thought he did it, but the concept rings true.

It's all in the GetProcessesByName method of System.Diagnostics.Process.  I have included a sample below.  This sample is the kind of code you may have in Sub Main() if you are staring an application with a Sub Main().  In the sample, "MyApplication" is the name you have given your project in Project Properties. 

NB: GetProcessesByName can throw InvalidOperationException when it cannot retrieve the process information.



Dim ThisIsTheOnlyRunningInstance As Boolean

'Try to get the list of running processes to determine if to continue in this thread
Try
    ThisIsTheOnlyRunningInstance = (Diagnostics.Process.GetProcessesByName("MyApplication").Length = 1)

Catch ex As InvalidOperationException
    'GetProcessByName can throw and InvalidOperationException when for any reason it cannot complete.
    MessageBox.Show("Could not determine if this is the only copy running."), _
                              "Starting my application", _
                              MessageBoxButtons.OK, MessageBoxIcon.Information)
End Try


If ThisIsTheOnlyRunningInstance Then
    'Enable XP Visual Styles
    Application.EnableVisualStyles()
    Application.DoEvents()
    'Start the app
    Application.Run(New MainForm)

Else
    MessageBox.Show("There is already another copy running on this computer.", _
                    "Starting my application", _
                    MessageBoxButtons.OK, MessageBoxIcon.Error)
End If

Even embracing its manifold faults, I'm still a fan of Microsoft Exchange server.  It has been a tempestuous relationship of the years but I'm still there. 

However I have recently had cause to look at MailEnable and I have to say I am very impressed. The web mail is better than I expected and I think it's a keeper.  There are still a couple of configuration items I need to get straight but initial impressions are good.

Something more we can all do:  Sender Policy Framework.

http://www.openspf.org/index.html

also

http://www.ietf.org/rfc/rfc4408.txt

The gist of it is the SPF record in the DNS identifies all the valid hosts that are allowed to send mail for that domain.  Mail should not be accepted for domains with an SPF record if the originating host is not in the SPF record.

Anything that reduces spam gets my vote!

You can check your domain for this and related details at DNS Report.

I posted before about trying to determine if a SQL Server trigger is enabled or disabled.

The answer came via SQLJunkies and of course comes to us by way of OBJECTPROPERTY function.  The property is: ExecIsTriggerDisabled.

I learnt all this back in the SQL 7.0 days and my fav trick is to dive into the sysobjects & syscolumns tables for all kinds of metadata.  I never caught the OBJECTPROPERTY and the Information Schema views. 

My homework is to now get busy learning the OBJECTPROPERTY function so I can keep up with being 1 version behind :-(

Richard and his guest Kent Alstad of MCW Tech talked on ep174 of DNR about their new venture Strange Loop.

While details are scarce what we are talking about is a hardware appliance that implement managing state and compression in a router.  This means the ASP.Net View State is managed by the appliance.  The way this need to be seen is in light of the problem of scaling a web app from one server where inproc state management is OK to a multi-server web app where a SQL Server is used to hold the state in order to avoid problems arising from afinity: subsequent page requests need not hit the same server but that implies a trip to the SQL Server for each page view.

What Strangeloop are promising is the scalability of using SQL Server session state with the performance of Inproc state.  Oh so cool.

So the question I have is:  Where's my SQL Server appliances?  Great example is protocol encryption for SQL Server.  It's obscure and far from intuitive.  TDF is understood, as is SSL.  Someone give me a sexy 1U rack gizmo that glows blue and makes it all happen :)

I was listening to DNR last night, the guest was Kim Cameron and they were talking all about Identity.  The topic of the let me get my work done button came up.  This is the digital version of the boy who cried wolf story. 

When the user is bombarded with endless security dialogues that they don't understand they blur into one big let me get my work done button.

I thought I'd represent it graphically :)

When you think you have found all the places to set exchange server's data stores and moved them to a data disc you should re-check! 

There is always one that is still set to log to your system drive and the gods of pain and irony will find a way to fill it.

...with apologies to the hundred of thousdands of people trying to read this blog between midnight and 10:00am...