Wednesday, March 09, 2011
This month I gave a similar talk to two user groups. The OWASP Wellington (and Auckland over video conference), and the Wellington .NET user group both invited me to speak on: "I know what you did last summer; The latest from the world of web hacks".

This was a fun talk to deliver. The focus was on recent web 'hacks' that had occurred in the past few months (I used a pretty general definition of 'hack'), but the main discussion was around the lessons that we could learn from these issues and what we could draw back into our own projects.

I think this talk had the most amount of interaction out of any of my previous talks. There was lively discussion about what the root cause of the problem was, whether it was even fixable at all, and we lamented the effects of 'users' :)

Since the .NET talk was a superset of the OWASP one (it was longer), I've included those slides below:

2011-03-09-WellingtonNet.pdf (2.07 MB)

Thanks for coming!

posted on Wednesday, March 09, 2011 8:17:00 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Monday, September 27, 2010
If you're in Wellington this Wednesday and you develop, maintain, manage or host ASP.NET or SharePoint websites, please do come along to hear about the security vulnerability disclosed a week ago:

posted on Monday, September 27, 2010 9:08:47 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Thursday, August 26, 2010

If you're in Auckland this Sunday, come along and check out the latest Microsoft technologies from MS Communitiesmsc-logo.


It's happening Sunday 29 August from 930am till 530PM at the University of Auckland Business School. This is a free event so please Register and attend



The MS Communities website is at with the days agenda

posted on Thursday, August 26, 2010 1:07:55 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Wednesday, December 23, 2009

[I just sent this email out to all user group attendees]


Merry Christmas!


Because the year is winding up, I wanted to send you an email to thank you for being part of our great .NET user group community in Wellington this year.


The highlight this year has been the branching out of the .NET User Group: Sky Sigal has started the Silverlight user group and Mark Carroll the VSTS user group.


Another great thing we've done this year is increase the number of meetings. It has been 7 years since the first meeting in Nov 2002. In 2003 we met every two months, in 2004 we switched to monthly and this year we've switched to fortnightly (weekly, if you attend Silverlight meetings as well!)



Across the three user groups we had 31 meetings, which is pretty amazing for a 52 week year.


Looking at the stats for the Wellington .NET User Group on it's own: we had 21 meetings with 650 attendees. I went through the list and there were over 250 different people!


It has been so great to welcome new faces to our community, and to see familiar faces offer to present some of their ideas and wisdom for the benefit of others.


We ran a Code Camp again this year at Whitireia in Porirua, which went really well. I was also involved in our biggest Code Camp yet which was in Auckland before TechEd and had over 300 people attend.



I'd like to give an extra big "THANKS" to the speakers who worked so hard to put together sessions this year:

Alex Dean, Amir Shevat, Andrew Tokeley, Andy Prow, Bevan Arps, Bohdan Szymanik, Chakkaradeep Chandran, Chris Klug, Daniel McGaughran, Ivan Towlson, James Hippolite, Kevin Daly, Mike Zeff, Owen Evans, Richard Dingwall, Scott McKenzie, Sky Sigal and Tim Heuer.


Their willingness to share their experiences, put together talks and field the difficult questions really helped us all in our quest for knowledge. Also, thanks to them, I only needed to inflict myself on you as a speaker four times this year :)


I'd like to thank my employer Xero for hosting so many meetings, as well as Intergen and Provoke for hosting us in our times of need. I'd also like to thank Vicky for organising our drinks --- we appreciate it!


The prizes:

I bet you weren't expecting prizes. Aren't you glad you read this far down the email?

The inaugral winner of the "Geek of the year" goes to Bevan Arps. He was the person who attended the most user group meetings, and he presented the most sessions too. Bevan wins a Microsoft LifeCam VX-5000 valued at $100.


Please remember Bevan: when your computer is watching you, the whole world can see what you're wearing :)


To draw the winner of the "Lucky Geek" prize, I gave one entry for each meeting you attended, and used Simon Green's famous RandomDraw program to pick a winner.


The winner of the "Lucky Geek" award is Ram Petikam. Ram wins a copy of Rise of Nations / Rise of Legends, which I'm sure his teenage son will enjoy.


Your Challenge:

A lot of geeky stuff is going on in the Microsoft world. Spend a few hours this holiday season trying out something new (maybe even win an MSDN subscription ). Tell us what you did in our first meeting of the year, and you may win a prize!


Final thanks:

And the final, biggest THANKS to Microsoft! We appreciated every slice of the almost 400 pizzas we ate this year!


Have a great holiday season, a Merry Christmas and a happy new year. I look forward to seeing you at meetings in the new year.





For your edification, here are the 31 meetings we had this year. How many did you come along to?


VSTS - 2 meetings:


02/99/2009    Introduction to Visual Studio Team System 2010
18/11/2009    Team System, two years down the track

Silverlight - 8 meetings:

01/07/2009    Building Accessible Silverlight Applications
29/07/2009    The Gestalt Project
09/09/2009    All about using Unity CAL, and Prism in Silverlight
30/09/2009    Creating stuff in WPF and Silverlight 3
14/10/2009    Bindings
28/10/2009    RIA Services
11/11/2009    Silverlight Animation
09/12/2009    Styling a WPF/Silverlight application

DNUG - 21 meetings:

21/01/2009    C# 4 and .NET Framework 4.0
04/02/2009    Windows Azure
18/02/2009    LINQ Refresher, Anti-XSS and SDE Libraries
04/03/2009    Recipes for Scalability
18/03/2009    Silverlight 2
15/04/2009    SQL Data Services
22/04/2009    Silverlight 3 and .NET RIA Services
29/04/2009    Teaching the good-guys bad-tricks
06/05/2009    Best practice - Caching
20/05/2009    Best practice - Towards Maintainability
27/05/2009    Using the AJAX Controls Toolbox in SharePoint
03/06/2009    Dependency injection using Ninject
17/06/2009    ASP.NET MVC - a deeper dive
15/07/2009    How To: Design and Develop an Application to Ensure Its Quality
05/08/2009    Towards Supportability
19/08/2009    Windows Mobile 6.5 Widgets
23/09/2009    Domain Driven Design 101
07/10/2009    .NET on the iPhone using MonoTouch
21/10/2009    Behaviour Driven Development
04/11/2009    Unit Testing 101
04/12/2009    PDC Announcements, Azure, Silverlight 4, Sharepoint 2010

posted on Wednesday, December 23, 2009 10:20:43 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Friday, October 02, 2009

Daniel presented this talk at the Wellington Silverlight user group last Wednesday.

I enjoyed this talk. Daniel went back to basics and showed how to get up and running with Silverlight and WPF development, covered the various layouts you can use in XAML, and went through some of the fundamentals of how XAML and code interact.

I think the part I most appreciated was the content that Daniel left out of his talk. He was very well prepared, and had intentionally kept things simple, which is hard to do when you have deep technical knowledge and enjoy sharing it - I struggle with keeping my talks focussed without diverting on a tangent.

Well done Daniel, I'm looking forward to your next talk!


posted on Friday, October 02, 2009 7:56:23 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]

I attended Richard's Domain Driven Design introduction at the Wellington .NET user group back on the September 23.

Richard introduced Domain Driven Design and the motivations behind using it, covered the 'building blocks' and then gave some examples of how to put it in practice.

Richard has blogged the details of his talk here: Slides from my Domain Driven Design 101 Talk

I enjoyed Richard's slide deck, and his presentation style - simple slides so that my focus was on what he was saying. The parts of his talk that I took the most out of were the encapsulation of business logic into Specifications (different from the testing concept), and the explicit anti-corruption layer when interfacing with any external system.

Thanks Richard!


posted on Friday, October 02, 2009 7:51:47 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]
 Sunday, August 30, 2009

Code Camp is less than two weeks away!

If you want to catch some free sessions on the state-of-the-art in .NET development, SQL Server and developer security then sign up for Code Camp Auckland 2009 now.

Code Camps are non-profit, and organised by members of the local developer community. This year the Auckland Code Camp is the day before TechEd (Sunday 13 September), so we've managed to nab a few great speakers on their day off to present to us.

It's the biggest Code Camp ever - over 14 hours of sessions across 3 streams from 10am till 5pm:


  • What's Happening in .NET Languages and Why Should You Care?
  • .NET on the iPhone and Beyond
  • Behaviour Driven Development
  • Domain Specific Languages
  • C# 4.0 new features
  • Silverlight with Prism
  • Becoming Certified
  • Lightning Talks
  • and more!

The latest and greatest in development topics, by the people that know!

SQL Server?

  • SQL Server Virtualisation Best Practices and Recommendations
  • SQL Server Analysis Services and Gemini
  • Query Optimization and Query Tuning
  • Understanding SQL Server Indexing
  • SQL Server Maintenance

Training and guidance from the best SQL trainers in the industry!


  • Secure Development Lifecycle and Threat Modelling workshop
  • Secure Coding Practices

We are lucky to have Michael Howard, author of Writing Secure Code and 24 Deadly Sins of Software Security giving a free workshop for developers, architects and team leads on Threat Modelling and the Secure Development Lifecycle. This will be followed by a session on how to write secure .NET code.

Auckland has never seen such an awesome free event!

Presenters that are offering their time include Greg Low, Nicholas Dritsas and Auckland's Alex Henderson of Architecture Chat fame.

To cover the costs of the event, we have the help of our generous sponsors: Microsoft, Datacom, Intergen, INETA and Xero.

All that's left for you to do is to visit the website for more details, and sign up now!

See you there on Sunday 13 September,


posted on Sunday, August 30, 2009 11:17:02 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Wednesday, August 19, 2009

Today at the Wellington .NET User Group, Kevin presented a talk on "Windows Mobile 6.5 Widgets".

Kevin has kindly provided his slides and samples for download:

I found this interesting. I haven't developed any applications for Windows Mobile, though I have played around a bit with the emulator and deploying code from within Visual Studio.

Widgets seem like a lot simpler application development model than native or compact framework applications. The application development model is similar to Vista sidebar gadgets, as there is a packaged zip file containing the application inside - and the application is 'simply' Javascript and HTML. Widgets can use XHR or DOM manipulation, and have access to a small amount of local storage to store preference information.

Windows Mobile 6.5 treats widgets as first-class application citizens within the OS - they have icons on the revamped start screen, and appear in the uninstall screen. As far as the user knows, they are the same as a native application.

Where the process is currently let down is in deployment and debugging. Currently a widget can only be deployed through the Windows Mobile marketplace, after the developer has signed up and the application has been reviewed (I think!). Debugging from Visual Studio seems non-existent, meaning that development is through trial and error.

I could see an enterprising person (like Kevin) building a Javascript library that simulated the API provided by the widget infrastructure, so that widgets could be developed and tested on a desktop before being deployed on a device. Kevin, am I right that all that is needed is the Widget object and some fake ActiveX controls?

All up, an interesting session.



posted on Wednesday, August 19, 2009 10:51:20 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [3]

Today I went to Nelson for lunch, and presented on Caching to the Nelson .NET User Group.

The talk was a repeat of my Wellington and Auckland talk from a few months ago, and covered various places you typically cache data in a .NET app, motivating the discussion of memcached and Velocity.

It was nice to get down to Nelson to briefly soak up the sun and meet a few new people.

View my previous post on Caching for further info.

Thanks for having me Daniel!


posted on Wednesday, August 19, 2009 10:32:39 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]

So this was a few weeks ago, but I thought I would post some notes here anyway.

Bevan gave a talk at the Wellington .NET User Group titled "Towards Supportability" (view his slides and notes).

Apart from marvelling at his good looking slides, the main thing I took away from his talk was the points he made on documentation. Bevan gave an approach for document systems for the person fighting the fire when all hell breaks loose. When a system is broken, and people are all over the poor systems administrator to fix it, they don't need thick architecture documents, they need something quick and actionable.

The 'Supportability' document structure:

  • Architecture - a summary of physical deployment
  • Symptoms - a list of failure modes that users might encounter
  • Actions - possible remedies
  • Procedures - step by step instructions for common procedures
  • Reference - additional reference material

The most important parts are the symptoms and actions - how to diagnose what's wrong and how to recover from it.

Cheers Bevan!


posted on Wednesday, August 19, 2009 10:24:05 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Tuesday, August 18, 2009

There's a lot of technology groups in Wellington. I decided to get together a list of all of them so that we could see if we clash on our regular meeting days. Please let me know if your group is missing, or the details need updating.

Most of these groups run free events with the support of their sponsors!

Form more info about geek events in Wellington, head over to or

Microsoft technology focussed:

Other technologies:

Technology 'agnostic':

Happy Geeking!


posted on Tuesday, August 18, 2009 2:26:03 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [2]