Sunday, June 17, 2007

It seems like powerful presentations aren't done using Powerpoint any more. I don't know, maybe they never were...

Why you drink

Edward Tufte (the original Powerpoint detractor) has a new book out: Beautiful Evidence. An article in the New York Mag (via SVN) introduces Tufte and some of his work. He has led a crusade against Powerpoint (his essay The Cognitive Style of Powerpoint has a good collection of the worst offenders), and his ideas have been absorbed by many designers around the world.

The new style of "multimedia"¹ presentations moves from slide-based to "flow"-based. Two that I have seen recently deserve mention:

"Le Grand Content"
(via Mark Fowler)

Quite funny, answers the questions of the universe with quasi-logic and witticisms:
There are three types of virgins:
a) Virgins by choice
b) Virgins by way of poor social skills
c) People who should be in group B, but who claim otherwise for reasons of prestige
Prometeus - The Media Revolution
(via Nic Wise)

The future of media and information dissemination. A little more serious...

These presentations really engage the user through zooming images, flowcharts and synchronising speech with animations.

I wonder how long before this type of presentation becomes the norm? How long until we see presentation software that supports the creation of them as easily as a standard deck of slides in Powerpoint?

And how long before people realise that although they're more engaging, they're still hiding and distorting the truth, just in different ways?

¹ How weird does it feel to use that word in 2007?

posted on Sunday, June 17, 2007 10:08:54 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Thursday, June 14, 2007
In his post "Why Safari for Windows looks like a Mac Application", Bertrand Le Roy guesses that Apple's release of Safari for Windows may be intended to increase the number of developers who can competently develop applications for the iPhone.

This makes complete sense. One big problem for Safari users is that many websites just plain don't work in their browser: Windows developers can't test in Safari without Mac hardware, so many websites are accidentally broken when viewed in Safari.

What a smart move from Apple. By releasing a Windows version of their flagship browser, no Windows developer has an excuse not to test on it!

The only challenge remaining for Apple is to keep the two browsers feature-identical. We don't want an IE5 Win vs IE5 Mac debacle...
posted on Thursday, June 14, 2007 9:05:05 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]
 Wednesday, June 13, 2007
Daniel Moth has two good posts on Visual Studio 2008 and the .NET Framework 3.5:
A summary:
  • The CLR isn't changing -- still the same CLR as VS2005
  • New languages C# v3.0 and VB9
  • The framework libraries don't change from 3.0 to 3.5, and just add additional namespaces (just like the move from 2.0 to 3.0)
  • LINQ is the big ticket item for me, but there are also some interesting networking and addin libraries, as well as enhancements to WCF and WF
A big feature of Visual Studio 2008 is the multi-targeting ability, which allows you to target the 2.0, 3.0 or 3.5 libraries from one IDE. No more side-by-side Visual Studio installations!

posted on Wednesday, June 13, 2007 9:44:26 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
The left-hand guy on the Vista Business DVD isn't me, I swear!

http://www.makezine.com/blog/archive/2007/06/who_are_these_three_guys.html


posted on Wednesday, June 13, 2007 10:01:03 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Monday, June 11, 2007
Watching PrimeTV after Letterman has finished has always been hard. Previously it was Fox News that I would fall asleep to, recently it is "infomercials". I'm not quite sure what is "info" about them.

Urine Gone! is apparently a fabulous product "For Pet or People accidents". They have a cheesy bit where they talk about getting rid of urine odours caused by people :)

How many units do they have to sell to pay for the TV advertisements?

UrineGone.jpg

http://www.BADasseenontv.com/prod-pages/urine_gone.html
(remove BAD from the url, as I don't want to directly link)

The (only) bit that's cool about this product is the black light stain detector. How cool and CSI-like!
posted on Monday, June 11, 2007 10:58:35 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
I watched this video last night: Reverse engineering techniques to find security bugs: A case study of the ANI exploit

http://video.google.com/videoplay?docid=-7185841369679533904

From the blurb:
Alex Sotirov is a vulnerability engineer at Determina. He will discuss some of the latest techniques in reverse engineering software to find vulnerabilities. In particular, he'll discuss the technique that led him to find the ANI bug (a critical new bug in WinXP and Vista).

Alex will describe the tools he uses for reverse engineering and show how he reverse engineered the ANI bug. He will continue to discuss Windows security mechanisms (ASLR, /GS) and describe how the ANI exploit bypasses them.

Alex is one of the good guys. He works at Determina on their intrusion prevention system, where his job is to create exploits so they can test whether their software can detect and catch them. He often creates exploits by looking at the patches Microsoft releases to find out what bugs they fix.

In the presentation, Alex shows how to use a disassembly tool to analyse the differences between two DLLs -- the original and the patched one. He also explains some of the exploit-protection mechanisms, and how exploit authors can get around them:

  • /GS compiler switch, which inserts a check to detect whether the return address has been overwritten (as an optimisation, only for functions that contain arrays)
  • Data Execution Prevention (DEP), a CPU feature that disables execution of code within data segments of memory. Stack overflows write into data blocks, and are thwarted when trying to jump to those blocks. It's only opt-in on desktop Windows, even on Vista (for compatibility reasons).
  • Address space layout randomization (ASLR), which re-arranges the executable in memory so that jump locations are hard to pre-determine (but there are only 256 possible places, so it's still possible to guess the location)
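As an added illustration of the /GS bullet above (my own example, not from the talk or the post), the C below models a stack cookie sitting between a local array and the saved return address, and the epilogue check that catches an overwrite. The frame is an explicit struct and the copy is bounded to it, so the overrun stays well-defined C; the cookie value and the modelled return address are constructed placeholders.

```c
/* Added example: a user-level model of the /GS cookie check. A real /GS
 * build places a random per-process cookie between the locals and the
 * saved return address, and compares it before returning; on mismatch it
 * terminates instead of returning through the corrupted address. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define STACK_COOKIE 0xA5C3E7F1u   /* constructed stand-in for the random cookie */

struct frame {
    char      buf[16];        /* local array: the thing /GS protects */
    uint32_t  cookie;         /* sits after the array, before the saved return */
    uintptr_t saved_return;   /* modelled return address */
};

/* Copy `len` bytes of `input` into the buffer with no length check against
 * buf (the bug), then run the cookie check (the mitigation). Returns 1 when
 * the cookie survived (normal return), 0 when it was clobbered. */
int copy_then_check_cookie(const char *input, size_t len)
{
    struct frame f;
    f.cookie = STACK_COOKIE;
    f.saved_return = 0x401000;        /* constructed placeholder address */

    if (len > sizeof f)               /* keep the overrun inside the struct */
        len = sizeof f;
    memcpy(&f, input, len);           /* writes past buf once len > 16 */

    return f.cookie == STACK_COOKIE;  /* the epilogue check */
}

int main(void)
{
    char ok[8];   memset(ok,  'A', sizeof ok);
    char bad[24]; memset(bad, 'A', sizeof bad);  /* 16 fill buf, next 4 hit the cookie */

    printf("8-byte input:  cookie %s\n",
           copy_then_check_cookie(ok, sizeof ok) ? "intact" : "CLOBBERED");
    printf("24-byte input: cookie %s\n",
           copy_then_check_cookie(bad, sizeof bad) ? "intact" : "CLOBBERED");
    return 0;
}
```

Note the limitation the talk points out: a function with no local array gets no cookie at all, so the check only helps where the compiler decided it was worth paying for.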
Hints on how to design secure software:

  • Pick a good language and platform (e.g. Java, Python and I assume .NET). This avoids common pitfalls in languages like C++ and PHP.
  • Design your app to isolate components along trust boundaries. Develop a formal specification that details how areas of code that are accessed by users of different privilege interact with each other.
Things to avoid:
  • ActiveX. Always avoid.
  • Google Desktop Search web integration. [Must've been a popular bullet point in the room!] Exposes all local desktop search data to the possibility of a cross domain vulnerability in a browser. Securing the product relies on a browser being secure -- not a good idea.
  • It's really hard to add security to an existing codebase (e.g. Windows, Oracle DB)
Take outs:

  • Assume software has security bugs. Build in things that will make exploitation harder, and will minimise damage.
  • Avoid single sign-on for web services, as if one app is exploited, other services can be attacked.

Alex ended with a diagram showing the exploit prevention features in different OS's:

OSProtectionMechanisms.jpg

OS X doesn't use many of the protection techniques that other OS's currently do. I guess this shows how Microsoft are trying harder with each release, but Apple are finding it hard.

posted on Monday, June 11, 2007 9:34:29 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Saturday, June 09, 2007
Two of my favourite areas of software development are privacy and security. As applications get less siloed and more connected, understanding the boundaries between "mine and theirs", and implementing the system correctly are becoming increasingly important.

A little tid-bit I found interesting today was:
Did you know that the new trend is phone phishing? Criminals use VoIP to emulate the bank’s voice prompt system and lure people into giving their account information.
(http://frenchfamily.org/hunter/?p=132)

That's worth thinking about if you're an organisation that provides a phone-based service such as phone banking or checking account balances. Tricking someone into dialling a phone number (especially an 0800 number) is probably as easy as tricking them into going to the wrong website.
posted on Saturday, June 09, 2007 12:32:06 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
TechEd NZ is selling out fast. They have also updated the website since I last went there, but the list of speakers hasn't been finalised yet.

Our TechEd is a catch-all for all Microsoft technologies and releases, but in the US there are 3 different Microsoft events to follow if you're a developer: MIX, TechEd and PDC. MIX and TechEd US have both happened recently, and there's no PDC this year.

This year, MIX has had a lot of the cool stuff for developers -- Silverlight 1.1, the DLR, Dynamic VB, Iron Ruby and more. From the lack of developer buzz around TechEd, and my reading of TechEd Bloggers, it sounds like the TechEd conference had more in store for the IT Pro's than the developers, delivering more in the product / platform space.

Here's looking forward to TechEd NZ. I'm looking forward to hearing how IronRuby has progressed in the intervening months, and hopefully seeing some new Silverlight stuff. I'll (hopefully) be presenting on Powershell again, which is one of my favourites. Check out the Powershell blog too, good stuff regularly pops up on there.

posted on Saturday, June 09, 2007 12:12:12 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Wednesday, June 06, 2007
Friends of mine at Vic Uni set up NZ Wired, a community organisation that aims to set up a distributed community-based broadband network using cheap equipment.

The idea is that anyone you can see from your house (i.e. line of sight) can potentially send bits your way.

While a great idea, in practice the cheap broadband available in Wellington (thanks, Telstra!) and the difficulties in setting up hardware have made it a bit hard to set up a network. For example, you can't just string network cables along fenceposts due to problems with AC phases and lightning strikes :)

This $99US solar-powered wifi repeater sounds like just the thing for community networks. Anyone in line of sight of Churton Park, Newlands or Paparangi?

posted on Wednesday, June 06, 2007 11:17:43 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
Using these definitions, I'm definitely a LiBeral Programmer, and I love working in the great team at Xero.

Try the test yourself

DHTB

You're a Doer.
You are very quick at getting tasks done. You believe the outcome is the most important part of a task and the faster you can reach that outcome the better. After all, time is money.


You like coding at a High level.
The world is made up of objects and components, you should create your programs in the same way.


You work best in a Team.
A good group is better than the sum of its parts. The only thing better than a genius programmer is a cohesive group of genius programmers.


You are a liBeral programmer.
Programming is a complex task and you should use white space and comments as freely as possible to help simplify the task. We're not writing on paper anymore so we can take up as much room as we need.

posted on Wednesday, June 06, 2007 10:56:59 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
I've had the pageofwords.com domain for a few years now, and it's my favourite.

The original version of the site (archived as at 6 March 2001) was a bit of a joke, and was my first experience with really crappy search engines sending unwanted traffic to your webserver. I think I served hundreds of megabytes of pages to the unwitting users of a few search engines that thought the page should be a high-ranking result for just about any dictionary word :)

What's your favourite domain name that you own?

posted on Wednesday, June 06, 2007 10:46:32 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
Look what I stumbled on at Nikhil Kothari's Weblog:



$3.35/hr! How can we compete!

posted on Wednesday, June 06, 2007 10:36:55 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
Observing your users while they use your software, either directly or through A/B usability testing, is a good way to discover what they are actually doing.

Jeff Atwood at Coding Horror writes about observing users, and links to a pdf paper Practical Guide to Controlled Experiments on the Web that advocates A/B testing as a way of finding out what your customers really prefer.

"A/B Testing" is putting up two scenarios ("Scenario A" and "Scenario B"), and then measuring the impact of the changes by testing against a control. This is quite common in other areas of science, but less so in software development.

Rowan Simpson and Sam Morgan from Trade Me both show examples of the successes Trade Me has had with A/B testing, and they have developed systems to perform A/B tests, such as running one version of a feature for one half of their users and the new version for the other half.

Learning from your users is very important. They are the best people to ask about your product. Unfortunately, when you ask them, you get different results than when you observe them.

posted on Wednesday, June 06, 2007 10:25:49 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Sunday, June 03, 2007

Subspace: Secure Cross-Domain Communication for Web Mashups

http://www2007.org/program/paper.php?id=801

This paper describes a new method of mashup communication that avoids some of the security and privacy concerns of existing approaches.

Exec summary: Create a little eco-system per mashup, perform some setup while you have trust, and then reduce your trust before running the mashup code.

Most mashup systems have to choose between completely isolating a mashup from the containing page using an iframe, or including the mashup with a <script> tag, which exposes the surrounding page (and all other gadgets on it) to malicious actions that any one gadget can perform.

A few systems have tried different approaches.

At TechEd 06 in Auckland, George Moore described a new Address Book mashup that they were prototyping for Live.com (not sure if it was ever released) that used document fragment identifiers (the #blah bits of the url) and a complicated polling and window.location changing mechanism to communicate serialised javascript objects. It was quite fragile because of the need to serialise the information into chunks that could fit on the end of the urls, and because the javascript library to support the communication needs to guarantee delivery and sequencing of the communication.

The "Subspace" approach presented in this paper uses two browser features to sandbox the mashup's executing code from the surrounding page:
  • document.domain = "foo.com", which lets a page consent to communication with other frames that set the same document.domain
  • a communicating object which is passed in to a frame before it changes its security context with the document.domain call
The mashup is then run in the sandbox using a regular <script> tag, and data is communicated back up to the surrounding page using the communicating object.

The authors also document some of the differences between the major browsers -- IE6 and IE7, Firefox, Safari and Opera -- and explain how the Subspace solution works within each browser (callback methods on the communicating object for some browsers, polling in others).

The Subspace approach is quite clever, and works in a similar way to other programming environments that let you do some setup in a trusted configuration and then lower your privileges before running untrusted code. This approach is common in setuid unix programs, or in .NET AppDomains.
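The setuid pattern the post compares Subspace to, as an added example in C (my own, not from the paper or the post): do the privileged setup first, then drop to an unprivileged uid/gid in a way that cannot be undone, and only then handle untrusted input. It assumes a Linux or BSD libc (setgroups is not in POSIX), and the file path is a stand-in for a root-only resource.

```c
/* Added example: privileged setup, then an irreversible privilege drop.
 * Acquire what needs privilege first, drop for good, then parse input. */
#include <fcntl.h>
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Permanently switch to uid/gid. Order matters: supplementary groups and
 * the primary gid go first, because once the uid is dropped the process
 * no longer has the right to change them. With euid 0, setuid() changes
 * the real, effective and saved ids together, so the drop is one-way.
 * Returns 0 on success, -1 (errno set) on failure. */
int drop_privileges(uid_t uid, gid_t gid)
{
    if (geteuid() == 0 && setgroups(0, NULL) != 0)  /* only root may clear the list */
        return -1;
    if (setgid(gid) != 0)
        return -1;
    if (setuid(uid) != 0)
        return -1;
    /* Confirm the kernel really applied the change before trusting it. */
    if (geteuid() != uid || getegid() != gid)
        return -1;
    return 0;
}

/* After a correct drop, seteuid(0) must fail with EPERM. Returns 1 if the
 * process can still become root, i.e. the drop was incomplete. */
int can_regain_root(void)
{
    return seteuid(0) == 0;
}

int main(void)
{
    /* Privileged phase: open the resource the unprivileged phase will need.
     * "/etc/hostname" is a stand-in; a real service would open a root-only file. */
    int fd = open("/etc/hostname", O_RDONLY);

    /* Drop before touching anything untrusted. Dropping to the caller's own
     * ids is a no-op when this demo is run unprivileged. */
    if (drop_privileges(getuid(), getgid()) != 0) {
        perror("drop_privileges");
        return 1;
    }
    printf("euid now %u; can regain root: %s\n",
           (unsigned)geteuid(), can_regain_root() ? "YES (drop incomplete)" : "no");
    if (fd >= 0)
        close(fd);
    return 0;
}
```

The same shape is what Subspace relies on: the communicating object is handed over while the frame is still trusted, and the document.domain change that follows is the point of no return.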

posted on Sunday, June 03, 2007 9:15:16 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]

This will be my fifth attempt at blogging -- my first in 2000ish (though not programming related), with several subsequent efforts that have languished since then. Each time there has been some reason to get started blogging again (usually an event of some sort), and then life has caught up with me...

So, thanks to the encouragement of Ivan Porto Carrero, I have a new fandangily blog up here at pageofwords.com (RSS / atom)

Who am I?

  • Software developer living in Wellington, NZ
  • Working for Xero
  • Organise the Wellington .NET Users Group, which meets monthly to discuss the latest .NET technologies
  • Help to organise Code Camps around the place (next one in Auckland, just before TechEd)
  • Microsoft MVP
  • Possess an unhealthy interest in the banal details of the Common Language Runtime
  • Two gorgeous kids and a beautiful wife

Who aren't I?

  • I'm not religious, neither in the traditional sense nor in the Linux vs Windows / C# vs Java sense
  • I don't dance
  • I don't sing
  • I don't drink coffee or cola
  • I don't drink, smoke, or ingest any mind altering substances
  • I don't play poker, chess or go
  • I don't read nearly as many books as I used to
  • I don't read all my email (but I do practice Zero Blog Bounce, for some reason)
  • I'm not That Guy

But I'm not boring. Honest!

I look forward to posting all of those "I wish I had a blog" things once again...

posted on Sunday, June 03, 2007 7:28:57 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]