I was listening to DNR last night, the guest was Kim Cameron and they were talking all about Identity.  The topic of the let me get my work done button came up.  This is the digital version of the boy who cried wolf story. 

When the user is bombarded with endless security dialogues that they don't understand they blur into one big let me get my work done button.

I thought I'd represent it graphically :)

When you think you have found all the places to set exchange server's data stores and moved them to a data disc you should re-check! 

There is always one that is still set to log to your system drive and the gods of pain and irony will find a way to fill it.

...with apologies to the hundred of thousdands of people trying to read this blog between midnight and 10:00am...

So I mentioned earlier that I am excited about using XPath against XML data stored in SQL Server (v2000 at the moment) but I keep coming up against the same problems, like text/ntext data types are invalid for local variables in a batch and I can't fit the documents I want inside varchar(8000). 

The result with the most Google Juice on this points to the solution we all want.  There needs to be a version of sp_xml_preparedocument that accepts a pointer to a text/ntext column.  There are various solutions around, none of which are kind on server resources (like creating an undetermined number of varchar(8000) variables in scope) and none of which are pretty.

The chances of getting this went from slim to none last Nov.  Oh well.  I've yet to sink my teeth into SQL Server 2005 and I know they have done a lot with XML in that release, but Microsoft:  Do you think every system and team cuts over to the new version of your products the day after launch?  I understand you're excited but the same happened to VB6 when VS.NET 1.0 came out.

The project I have in mind involves taking the XML out of Excel documents and working with it using XPath and XSLT.  So for now this dosen't live in the data tier.  Oh well.  The sun will rise on the morning.

Oh and a nod to the brainy and beautiful Anina for "google juice" links. 

I've been a fan of Crypto-gram for ages.  Blogged about it too.  It's author, Bruce Schneier, really knows his stuff.  It's a welcome reminder each month than when dealing with information security -as everyone employed in tech really is- paranoia is a very healthy emotion.

He asked bloggers to help spread the word of a proposed contest on Movie-plot terrorist threats.  These are the kind where (in my words) someone has a maybe valid/maybe invalid idea about how a terrorist can go about their aims, then removes the doubt around their own stupidity by trying (often including proposing great expense) to mitigate the risk.  Sigh.

I'll be tracking the Technorait results for this too :)

I have reprinted Mr Schneier verbatum from this month's Crypto-gram below.


Movie-Plot Threat Contest



NOTE: If you have a blog, please spread the word.

For a while now, I have been writing about our penchant for "movie-plot
threats": terrorist fears based on very specific attack scenarios.  Terrorists with crop dusters, terrorists exploding baby carriages in subways, terrorists filling school buses with explosives
-- these are all movie-plot threats.  They're good for scaring people, but it's just silly to build national security policy around them.

But if we're going to worry about unlikely attacks, why can't they be exciting and innovative ones?  If Americans are going to be scared, shouldn't they be scared of things that are really scary?  "Blowing up the Super Bowl" is a movie plot to be sure, but it's not a very good movie.  Let's kick this up a notch.

It is in this spirit I announce the (possibly First) Movie-Plot Threat Contest.  Entrants are invited to submit the most unlikely, yet still plausible, terrorist attack scenarios they can come up with.

Your goal: cause terror.  Make the American people notice.  Inflict lasting damage on the U.S. economy.  Change the political landscape, or the culture.  The more grandiose the goal, the better.

Assume an attacker profile on the order of 9/11: 20 to 30 unskilled people, and about $500,000 with which to buy skills, equipment, etc.

Post your movie plots here on this blog.

Judging will be by me, swayed by popular acclaim in the blog comments section.  The prize will be an autographed copy of Beyond Fear.  And if I can swing it, a phone call with a real live movie producer.

Entries close at the end of the month -- April 30.

This is not an April Fool's joke, although it's in the spirit of the season.  The purpose of this contest is absurd humor, but I hope it also makes a point.  Terrorism is a real threat, but we're not any safer through security measures that require us to correctly guess what the terrorists are going to do next.

Good luck.

Post your entries, and read the others, here:
http://www.schneier.com/blog/archives/2006/04/announcing_movi.html

Movie-plot threats:
http://www.schneier.com/essay-087.html

http://www.time.com/time/nation/article/0,8599,175951,00.html
http://www.schneier.com/blog/archives/2005/10/exploding_baby.html
http://www.schneier.com/blog/archives/2006/02/school_bus_driv.html
http://www.imdb.com/title/tt0075765

There are hundreds of ideas here:
http://cockeyed.com/citizen/terror/plans/terrorwatch.html

Since I was doing nothing else on Monday, after the blog post below I spent a couple of hours going through the work in Visual Studio.

While I am still not sold on the concept of the tests driving the development process, it does make you consider your class design from the point of view of it's consumers.  Also the screencast did help bring some clarity to practical test design with NUnit, which is something I strugled with earlier.

My next problem with it:  How do we manage the problem that arises from programmers testing their own input validation for example?

Also the MVP pattern was easier to implement than it looked on DNR TV.  I look forward to watching the episode dedicated to it.

Maybe it's a hangover from a public holiday but I can't seem to find out from the system tables or sprocs.  Man it can't be that hard!

Google here I come :-(

Stay tuned for update if I find out...

So I'm catching up on some DNR TV with an easter egg and I'm watching the episode on Test Driven Development with Jean Paul Boodhoo [part 1 & part 2].  The obvious flaw -which they caughed to later- was trying to cover TDD, Interface-based programming with mock objects using NMock, and the model-view-presenter pattern, and an intro to ReSharper in one show.  Just too much new information.  Later they did a show on MVP (I am still to watch this...)

Anyway, it's clear the JPB is very capable at making this agile + patterns mashup work well for him, but I can't escape the common criticsm that it's just so much heavy lifting up front!   I'm prepared to accept that this work pays dividends, but they must accept that at first look this methodology looks to be the enemy of prodictivity, and that is going to be a very hard sell for regular mortals in the SME/ISV space.

The one idea I'd like to contribute to the debate is a what-if:  What if JPB & his freaky kind are just doing in long-hand now, what in future revs of Visual Studio we will be able to declaratively to get the same benefit with less effort?  Then, I'd be interested!

While on the topic of DNR, and DNR TV, the Dot Net Rocks! guys (I get the impression Carl specifically) have been on the bandwagon of using BitTorrent.  Makes sense when you are distributing content like they are.  They like µTorrent, me I hvae been a fan of Shareaza, because it's an open-source project rather than a commercial veture it has no problems being banner & pop-up free and has a seriously slick UI, but I just found out uTorrent supports RSS feeds that include .torrent files - perfect for having your DNR and DNR TV downloaded!

While on the topic of Carl, Pwop Productions, and their shows... Hanselminutes show #12 "Top Ten Utilities you Didn't Know You Had" is well worth 30 of your minutes.  Some old, some new, there has to be a time-saver in this bunch for anyone.

Obviously it's been too long between blogs for meso apologies for the link-fest and drifting between tangents... you may return to you're regular scheduled programming...

Getting back to normal on the network now.  New server for this blog, prompted by an exploded hard drive, evidence below...