I got this message again this morning and I am so sick of it!

Only 16 chars?  O RLY?  What if my dog's name is more than 16 chars long?

Further investigation of the JS source reveals that other error messages include:

Password can only contain letters and numbers

I am always talking to people about password policy and no wonder people are confused.  So much good guidance out there is buried under so much rubbish.

Compare this to the other user experience that is becoming more common:

Much better!  There was a time when it would be appropriate to explain why the second case is better... but in this day and age it should be obvious.  It is all about coercing people to do good passwords until they are made obsolete in the future.

Since Version 1.0.60731.0 of the ASP.NET AJAX Control Toolkit there has been a quite good Password Strength control available to the ASP.NET platform.  Everyone else (like my first, deliberately anonymous example) can just Google it!  There are plenty of samples available.

One that I liked was at Gerd Riesselmann's blog, where he shares (GPL) a simple example suitable for learning how this is done.

What do you think?  Is there any excuse for giving poor password guidance in 2007?

So lots of people (18 or so) are interested in talking about nothing.

Not nothing per se, but null.

Looking at the 200-odd posts to the list in the last month or so, near half of them are on the topic of null comparison, that Greg Low started with regards to his connect item.

OK, so the discussion drifted all over the topic and my contribution, fair to say did not advance the start of the art...

At the end of the day however (is it done yet guys?), it turned into a really good discussion around null, the meaning of comparison and T-SQL semantics, so thanks guys.

Mine, as so many other software companies rely on camel case for brand identity.  I knew as soon as I had to spell it out to the lady at ASIC that I was going to be spelling it out every time it is said in meat space.  I ‘spose that’s why the business card was invented.

I found this piece in the current New Scientist.  The one with Africa/Face on the cover.

It’s entertaining, if a little bit old hat to us tech folk, and talks to usability in URLs indirectly.  (emphasis mine)

CamelCase

What’s with the outbreak of bumpy words – or should that be BumpyWords?  Do BlackBerry, MySpace, YouTube and LinkedIn signal an attack on the English Language?

Don’t Panic.  They’re examples of CamelCase (or medical capitals, BiCapitalisatioin, CapWords and InterCaps) and they’re all about forming compound words by capitalizing each chunk to preserve its identity.  This produces “camel” words with a range of “humps”.

CamelCase has been around since the 1950s in a few brand names like CinemaScope.  But it was software engineers who really took CamelCase to their hearts, using it in their program-writing conventions, and developing two separate styles; UpperCamelCase (UCC) and lowerCamelCase (lCC).

It’s not hard to see why.  If you have to wade through lines and lines of programs day in, day out, it helps to be able to tell the difference between structural elements, functions, procedures and objects provided by the language, and the names of things programmers have defined themselves.  If it’s defined by a programmer, you can’t look it up in the manual; you have to find it in the program to work out what it does.

As soon as computer keyboards were revolutionised in the late 1960s to include upper and lower-case characters, happy programmers were suddenly able to make distinctions.  For example, while “switch” is a programming-language element, “switchAddressFields” would be defined by the programmer.  The latter is virtually unreadable when presented in all lower case (switchaddressfields).

CamelCase has now made it into the world of techie products and web services, but will it go totally mainstream?  Very possibly.

In the internet age, CamelCase seems to be surging because it’s not possible to put spaces into web addresses.  Many companies feel obliged to compress their names into (www.)OneBlockOfText(.com) to preserve brand identity across all formats and media.  And consider PricewaterhouseCoopers (note the combination of lCC and UCC) and GlaxoSmithKline.

Marketing Directors at Corel, whose products include WordPerfect, say CamelCase boosts readability.  Not only that, CamelCase brand names are easily turned into catchy typographic icons and are also easier to trademark, even if made up of words which may be tricky to trademark individually.

Should linguistic purists be affronted by this corporate styling?  Jim Wallace, president of the Society for the Preservation of English Language and Literature (SPELL),  is sanguine.  “The use of such new names in daily commerce is no serious threat to the language.  We see no reason to shun them,” he says.

We wait with more than a little trepidation the break-out of a rival convention used by programmers:  underscore_delimited_names.

New Scientist, 27th Oct 2007, pg 58.

Jim Wallace may well be cheerfully confidant – what have contrived acronyms done for the language?, and I would not dare to ponder that SPELL may be a Backronym.

See ORCA - the Organisation of Really Contrived Acronyms for additionally sillyness... Actually, both the SPELL and ORCA sites are in desperate need of being pulled out of the 1990s 

Listening To:  Reggatta de Blanc, The Police

(I know, every year!  and you will see it next year too so long as I am able to type :) )

Because 31 oct == 25 dec

Listening to: You am I, Hourly Daily

So today I took delivery of my shiny new XPS M1330, here is my thoughts so far [end of day 1]

Background:

For years (and years…) I have been using a Dell Inspiron 1100.  I think of it as the little laptop that could.  I had a P4 and 1Gb of RAM but it didn’t take much to bring it to a halt.  It also generated enough heat that I had global warming protesters picketed outside for a month… I tried Vista on it and it had a WEI of 1, and to top it off I cannot live in 1024x768 for one more day!

So trying to run the latest hotness like Visual Studio 2008 and SQL Server 2008 betas was completely out of the question.

It would also blue screen switching between screen and VGA out.  OK, enough space spent on the old, bring on the new!

The new hotness

So I bit the bullet and went in for a new laptop.  After much research I chose the Dell XPS M1330.  In red.  Pillar box red.  Sexy lingerie red.  Very very red.

While the 64Gb Solid State hard drive would have been an awesome inclusion, for the extra $1000 I just couldn’t do it.

Out of Box experience.

It comes in an XPS sleeve that is actually pretty good quality, down to magnetic fasteners and neoprene sides.

Further investigation revealed a folder to keep the CDs and manuals.  It looked something like an executive folder you might take to a meeting.  A nice surprise in there was an XPS microfibre cloth.

The first thing I noticed was the weight.  This is one very light machine.  Thin, small and light. 

Upon plugging it in, the screen struck me as being exactly what the doctor ordered for the 1024x768 blues.  It is clear, bright and crisp.  Also very thin!

Design, design, design

It’s the details. 

If you search for pictures of the M1330 you will always come up with a side profile but the coolness of the hinge design for the lid didn’t dawn on me until I saw it – no, until I felt it.

At the top of the keyboard are a set of controls to eject the CD/DVD, control the audio & playback etc.  These are not buttons per se, but little touch sensitive spots that glow when you touch them.  Very cool.

The XPS M1330 comes with Creative EP-630 Noise Isolation earphones that compare quite favourably to my standard work wear – Philips SHP805.  They have 3 sizes of rubber seal for your ear, dunno how they feel when used for extended periods yet.  This was a nice surprise.

...and there are other little supprises all throughout this machine.  Someone, somewhere put thought into the design of this machine and it shows.

Now, to uninstall the crapware…

Having had a bit to do with Dell over the years, first thing I always do is open Control Panel and uninstall the bloat.  I was pleased to see so little preinstalled on my machine.

I removed:

• Google Desktop
• Google IE Toolbar
• Microsoft Works  (I have Office and didn’t want to pay for a redundant CAL, so Works is the only choice when ordering)

Things that may go if they show me the first sign of trouble, but can stay for now:

• Dell Browser Address Error Redirection (whatever that is!)
• Roxio Creator Home

So, what’s not to like:

There are a couple of minor things – so minor I only list them for completeness.  None of these are an obstacle to being very happy with this machine:

1. When you eject a CD the sound is like strangling a pigeon. Don’t ask me how I know what that sounds like, it just does.
2. Chipset does not support Intel VT.  I use Virtual PC a lot, but VMs run fine without it.
3. The system comes with a 10Gb recovery partition.  This isn’t a worry to me with 250Gb but if I had gone for the 64Gb Solid State drive for the extra thou’ I would be nuking this straight away
4. The battery in the media remote is tricky to seat properly. 

The Essential Stats:

Dell XPS M1330

CPU: Intel Core2 Duo @ T7500 2.2Ghz

OS: Windows Vista Business 32 Bit

RAM: 4Gb RAM installed – 3.5Gb Visible to 32bit OS

WEI:  4.0, broken down as follows

• processor: 5.1
• RAM: 4.8
• Graphics: 4.0
• Gaming Graphics: 4.5
• Primary Hard Disk: 5.2
  

Video: NVidia 8400M GS w/ 128Mb RAM – 1280 x 800 x 32 on 13.3”

HDD: 250Gb WD SATA

Overall

Since it is only day 1 I can't be definitive, but this machine shows every sign of being a great developer PC.  Recommended. 

The SQL Server 2008 ("Katmai") CTP 4 VHD that was published to MSDN Subscriber Downloads last week is made available as a 4-part self-extracting RAR archive. 

It can seem to have an issue in while self-extracting.  As shown in the screen cap below is it looking for en_sql_server_2008_ctp_4_vhd_part_1_of_5_.rar: 

 

This is obviously wrong because a) part 1 is not a rar - it is in the exe, and b) the download is in 4 parts not 5.  So if you see this prompt, browse for en_sql_server_2008_ctp_4_vhd_part_2_of_4_.rar.

Likewise when asked for en_sql_server_2008_ctp_4_vhd_part_2_of_5_.rar browse for en_sql_server_2008_ctp_4_vhd_part_3_of_4_.rar. 

Finally when prompted for en_sql_server_2008_ctp_4_vhd_part_3_of_5_.rar browse for en_sql_server_2008_ctp_4_vhd_part_4_of_4_.rar.  You will not be prompted for a part 5.

Once you have done that, fire up VPC or Virtual Server 2005 and enjoy!

Also, don't forget:  You can check out the LiveMeeting events on the new features in SQL Server 2008 available through the Connect site.

Listening to: Aphex Twin, Selected Ambient Works, Volume II

I have a ColorPlus monitor profiling spyder by what was formally marketed as Pantone and is now Datacolor and I profile my monitors regularly.

Today was the first time I have tried to profile it since I built my new dev workstation.  It turns out the (circa 2004) ColorPlus spider that has served me well so far is now in the legacy bin.  While it works great on Vista x32 with the XP driver it has not had signed drivers released for Vista x64.

This lead me to look at what was the latest news for loading unsigned drivers into Vista x64, since I only need the thing to run for 5 minutes once every couple of months I was hoping to see that there would be some BCDEdit trickery that may let me reboot into a non-standard config, generate an ICC profile and then boot back into "real" Windows.  Seems that option was supported on Vista RC2 and removed for the RTM.

What has this to do with Linchpin Labs?

Further investigation showed up the case of Linchpin Labs (who have a Willoughby NSW address, as well as Ottawa CA).   Linchpin released a widget called Atsiv that was itself signed and would let you load unsigned drivers through it. 

Things got interesting when Microsoft categorized Atsiv as malware. 

The Microsoft position on this is detailed in the Windows Vista Security blog, and the equally detailed response by Linchpin Labs is detailed on their site.  It's unfortunate that Linchpin do not have a blog because it would be interesting to contrast the comments on the MSDN blog to any they attract.

As for the comments it seems lots of folks think their obligation ends with complaining.  It may be fun to type crap on a message board, but my respect is reserved for the folks who put time into finding the solutions.

But, what seems missing in the discussion to me is that (depending on how you count the numbers) between 40 and 60 million copies of Vista have been shipped in 19 languages to 70 countries.  Only a slim slice of that huge number of users are the tech savvy / tech professional community who, generally speaking, keep technology and the internet working and profitable for the rest of the world.  I think it is right that security decisions favor the great unwashed masses rather than the techno-elite, who should be able to look after themselves.  A bit of perspective please people.

If you get to the bottom of the Linchpin Labs announcement you find the following:

  Linchpin Labs would like to suggest that Microsoft spend less time using debatable policy as a security mechanism, and spend more time actually tightening its operating systems.

Wha??  Isn't that what this is all about?  Driver Signing Policy is tightening the OS.  Other examples of Vista security enhancements include:

• Restricted Services (service hardening)
• DEP and NX, including supporting hardware-based DEP 
• User Account Control (UAC)
• Windows Defender / Windows Firewall / Windows Security Center (techies:  think of the 98% of the world; they need hand holding, OK)
• Network Access Protection (NAP) 
• Bitlocker and EFS
• ActiveX Opt-In, support for EV Certs and anti-phishing filter support in IE7
• ...

...and probabbly others.  Yeah I'd call this tightening the OS.

Back to my ColorPlus Spyder...

So, looking at my options:

• Get a Mac.  Oh yes would I love to get a Mac.  hmmmm :)  But, desk space, power and brain cycles are at a premium at the moment.  Also being a entry-level product the ColorPlus is a Windows-only product so it would mean getting a new spider anyway.
  
• Get a new Spider.  These are costly devices and not really top of my spend list right now.  Maybe one day.
• Abandon the DRM-infested evil Microsoft empire, like some of the commenters (e.g. "Joe" et al) on the Vista Security Blog suggest.  Just try and have a 16-bit/channel colour accurate workflow in Linux.  I've been there (not recently, but as far as I can tell things haven't changed much) and it's not fun.  Just go and spend some a couple of weeks setting it up and let me know how you get on.  Send me a postcard.  Really.

Now for some real options:

1. Email Datacolor and let them know that people are interested in Vista drivers.  Done.
2. Install a copy of Vista x86, update to the latest vid drivers, calibrate the monitor, pinch the ICC profile, reboot into my "real" Vista x64.  It'll take 1hr tops.  I'll get to this on the weekend.

um, anyone want to but a second hand ColorPlus Spyder?  One careful owner, still with original box...

Listening To: The Polyphonic Spree, The Fragile Army

Update:  My ColorPlus is no longer for sale

It turns out that in the ColorVision Knowledge Base (under Support Centre) there is an article that says:

ColorPlus users can download Spyder2express software from the colorvision website's support section, and run that software with a ColorPlus serial number and a ColorPlus Spyder. The latest versions of Spyder2express are compatable with Vista32 and Vista64.

I can confirm this works.  Spyder2express is a 120Mb download which is hefty since I only want the driver :-/  The ColorPlus is detected as a Spyder2 after installation and works as advertised.

...and would you believe their is a Mac version of ColorPlus 1.1 in the Knowledge Base that is not listed in the Support downloads.  I'm happy to be wrong anytime it works out for the best :)

Listening to: The Campfire Headphase, Boards of Canada

It was great being able to have the opportunity to elucidate my thoughts on this matter formally at SQL Down Under Code Camp '07.

For completeness, here are my slides: The Zen of T-SQL SDU CC.ppt (128.5 KB)

I really enjoyed meeting so many nice and very clever folks.  Thanks to Greg and all involved in putting on the Code Camp, what a really great event!

For the record, the image is of Kasprowicz catching Pietersen at NatWest Challenge Final, The Oval, 2005.