Saturday, July 28, 2007
From the slightly bizarre files:


...over 50 redheads rode the subway together and protested a Manhattan Wendy’s for their “racist logo.”

It sounds like they had fun... I like the idea of riding a train and suddenly realising that everyone else on board has red hair.

posted on Saturday, July 28, 2007 9:42:05 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Sunday, July 22, 2007
Microsoft just hired two developers I respect:
Here's hoping we can look forward to both of them coming to the next New Zealand TechEd (and Code Camp).

I'm always impressed by the super-clever people that Microsoft hire. Congratulations, Microsoft!

posted on Sunday, July 22, 2007 8:28:23 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Wednesday, July 18, 2007 has got it good!

Andy Oram posted to the O'Reilly Radar about his recent research on mailing lists, and linked to his article "How to Help Mailing Lists Help Readers".

In his article, Andy followed threads on some mailing lists (Linux, Perl, Ruby), and uncovered some patterns of behaviour (summarised below):
  • Many questions aren't satisfactorily answered (46%)
  • Helpers give up after a few attempts
  • Beginner users have fundamental gaps in knowledge, and need direction to other documentation sources
Now despite recent unrest about the effectiveness of the dotnet mailing list (at, in particular the performance of the mail sender, I've always been convinced of the relevance of the answers given on the list, and impressed by the tone of the replies. We've got a nice little community going, and people offer quite in-depth help wherever they can.

I'm always impressed when people go out of their way to solve a problem, such as installing a piece of software to help diagnose someones problem (Ivan Towlson, I think that was you :) ), or reliably pitching in to solve a problem (PeterB and "shane ~" are among the regular "helpers").

So I collected some statistics following a similar process to Andy's:
  • 15 recent threads from the NZ dotnet mailing list where a specific question was asked
  • I measured similar statistics on the effectiveness and time to resolution, although for some of the threads where the orginal poster didn't reply with thanks, I defined "resolution" subjectively as whether I thought a satisfactory answer had been given
  • A count of the number of messages in each thread, the number of helpful / on topic messages, off-topic, irrelevant and unhelpful messages

  • 80% of questions received a satisfactory reply!
  • There were no off-topic, irrelevant or unhelpful messages!
  • Median time to resolution was 20 minutes!
  • Longest time to resolution was 2hrs 34mins.
  • Best response times are early-mid morning, and mid-afternoon. Slower responses over lunch time.
I expected to see the dotnet list coming out well, but when you compare these numbers to the ones Andy collected, and even if you factor in some differences due to sampling / processing technique, the differences are staggering:

Table 1 (modified). Resolution times for questions on mailing lists

Minimum Median Maximum
NZ .NET list 8 mins 20 mins 2 hours, 34 mins
Perl 2 hours 8 hours 1 day, 21 hours
Rails 0.5 hours 16 hours 7 days, 10 hours
Both operating systems 0.1 hours 10.5 hours 2 days, 10 hours
Both languages 0.5 hours 13.5 hours 7 days, 10 hours
All lists 0.1 hours 11.5 hours 7 days, 10 hours

Some of the things that I believe make the dotnet list so successful:

  • The list is an extension of the user groups, and many people know each other in person
  • Everyone is in the same timezone and industry, which means the responses are fast, and usually at the same time of day that you need help
  • Off-topic conversation is kept to a seperate off-topic mailing list
  • The list subscribers have a wide spread of knowledge and experience, with some members having very deep .NET knowledge
  • Timaru is discussed monthly :)
The list server that runs the mailing lists (dotnet, sqlserver, dotnet-offtopic and others) has been tirelessly maintained by Lukas Svoboda over the past 5 or 6 years, and the not inconsiderable costs of sending out many thousands of emails a day has been sponsored by him, Microsoft, Irongate, Orbiz, Intergen and others over the years. Thanks!
posted on Wednesday, July 18, 2007 12:10:01 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Monday, July 16, 2007
It's very exciting to start advertising the NZ.NET Dev Code Camp, which will be happening in Auckland next month -- Sunday 12 August. We're running it the day before TechEd, and using one of the larger TechEd conference rooms.

Registration, and further details can be found at, and more details will be added there as we confirm them.

Tell all your friends!


posted on Monday, July 16, 2007 11:06:07 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]
 Friday, July 13, 2007
Darryl has just posted that the NZ TechEd schedule has been updated and is available on Comnet.

I'm excited to be presenting on Windows PowerShell again -- last year was a blast, and there's new things to talk about this year.

One of the first things I do is look at the competition. It's always good to know what you're scheduled up against. At 10:45 on the Tuesday morning, I'm up against these sessions:

ARC308 - Software Factories

CON311 - Building Microsoft Windows Workflow Foundation Enabled Windows Communication Foundation Services in .NET Framework 3.5
Speaker(s): Matthew Winkler

DAT309 - Implementing Scale-Out Solutions with Microsoft SQL Server 2005
Speaker(s): Don Vilen

DEV318 - Strategies for Moving Your Microsoft Visual Basic 6 Investments to .NET
Speaker(s): Paul Yuknewicz

OFC301 - Capacity and Performance Planning for Microsoft SharePoint Products and Techologies 2007
Speaker(s): Mike Fitzmaurice

UNC302 - Microsoft Windows Mobile 6 Security In-Depth
Speaker(s): Steve Riley

WEB317 - Enhancing ASP.Net AJAX applications with Silverlight
Speaker(s): Nikhil Kothari

Come and hear about PowerShell, you know you want to!

posted on Friday, July 13, 2007 9:26:42 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]
 Thursday, July 12, 2007

So true: "It's so easy to write, but not always easy to read". Perl 5 in a nutshell

I've spent many happy hours spent writing perl code :)

"Help, help, I'm trapped in a nutshell! Somebody get me out of this bloody great nutshell!"

posted on Thursday, July 12, 2007 10:32:33 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
Simone writes that he's leaving NZ soon. Simone has been a welcome addition to the Wellington geek community and has contributed to presentations and conversations at the .NET user group and the Wellington geek lunches.

Come back soon Simone, we'll miss you!

posted on Thursday, July 12, 2007 9:48:30 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [2]
 Wednesday, July 04, 2007
Test message

posted on Wednesday, July 04, 2007 3:05:22 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Monday, July 02, 2007
Ayende briefly outlines the 7 approaches for interception in .NET, techniques which are used for Aspect Oriented Programming (AOP), Dependency Injection, and other methods of ensuring that the thing you write ain't the thing that runs.

This topic is dear to my heart (a little too dear!). My University research went into different interception techniques in depth, and I surveyed the different techniques and implemented a few prototypes. My main implementation was a mixture of runtime and compile-time weaving, as they gave most flexibility in the interception points that can be attached to. Other approaches typically work by subclassing, limiting you to interception of virtual member methods only.

The .NET runtime allows a few interesting points of interception, particularly if you are interested in playing around with the Profiling and Debugging API's. Things have gotten a little better now that people have written managed wrappers, but back then, those API's made my head hurt.

One day I plan to go back into that part of my writeup and pull some text into this blog. I'd also like to fully implement my injection system, especially now that the library support has improved (Cecil is superior to R.A.I.L.) and the runtime supports lightweight code-generation.

posted on Monday, July 02, 2007 9:25:45 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Friday, June 29, 2007
37Signals posted a list of their favourite childrens books when growing up.

I read a lot as a kid, and my earliest book memories are of the Munch Bunch and Mr Men. Hargreave's Mr Men seems to have lasted better than the Munch Bunch, and I often see Little Miss characters on t-shirts around town.

It was a lot of fun to read the circa-1980 books with my children when they were younger. A favourite character of mine and the kids is Billy Blackberry:


He's always getting up to mischief. Writing this, I'm wondering if this book is the reason why blackberry jam is my favourite -- although upon analysis, why I'd want to eat my favourite first book character disturbs me.

Kalani and Kalista both absolutely love the Spotty Can't Sleep book that I used to read to them when they were small:

One of my favourite parts of being a parent is story time in the evenings. You can't beat a good kids book!
posted on Friday, June 29, 2007 11:23:30 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]
 Thursday, June 28, 2007

Sometimes your website is dead. Really dead. Designing a user experience can be hard, because there may be no way to gracefully recover.

Google Mail today:

Okay, so I tried again straight away (30 seconds is waaay too long to wait!):

I like the second message. It reassures me that my data is secure, and lets me know that I won't be able to use the site until it's fixed.

TelstraClear's error message from a while ago made me chuckle enough to save it to disk:


Thanks for the offer, but I'm finding it hard to enjoy the rest of the site when I'm in a popup window that has an error. I love the page title too: "Error (TelstraClear - Together, A better way)". Talk about empowerment! I don't think we did that error together.

posted on Thursday, June 28, 2007 9:05:20 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
I'm looking forward to presenting with Philip Cox (Trade Me) at next weeks .NET User Group meeting in Wellington.

The session "C# vs VB.NET - continuing the epic battle" is not really going to be an us-versus-them thing, but rather a presentation of some of the newer language features side-by-side.

The Wellington group is a pretty C#-focussed bunch, so it will be good for the VB.NET members to get some respect -- some of the new VB9 features are pretty compelling.

If you want to come along, check out the session details on the Wellington group site, and RSVP to me soon.

posted on Thursday, June 28, 2007 10:38:32 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Monday, June 25, 2007
I'm enjoying Acceptable TV, the user-contribution, voting, not-reality but borrowing some concepts TV programme for the attention-deficit generation. Each 'episode' is 2.5 minutes.


The exec producer is Jack Black, and the basic premise is that "some stuff is better than other stuff". It's a good blend of modern TV techniques (i.e. low production values, and voting off survivor island), and web 2.0 content generation / sharing concepts.

Some of my favourites are:
Not necessarily politically correct, but what is these days?

posted on Monday, June 25, 2007 9:09:41 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]

Dare has a good writeup of the keynote from the Seattle Conference on Scalability. It sounds like a pretty interesting conference, with presentations from Google, Amazon, Verisign and more.

The Google talk covered the three big, gutsy parts of Google's architecture: GFS, BigTable and MapReduce. By building their systems from scratch, Google is able to scale to the phenomenal size it is now.

Technologies like these are how Google can handle millions of different search phrases -- amazingly, one in four queries to their search engine have never been seen before.

Google hires smart people and lets them work in small teams of 3 to 5 people. They can get away with teams being that small because they have the benefit of an infrastructure that takes care of all the hard problems so devs can focus on building interesting, innovative apps.

posted on Monday, June 25, 2007 8:33:12 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Thursday, June 21, 2007

Last year at TechEd I was talking about the drive providers that ship with PowerShell, such as the ENV: drive that let's you view environment variables and the HKLM: and HKCU: drives that let you navigate the registry.

I said it would be cool if you could CD into your database server, and DIR the rows of a table. Here's how you can:

Demo SQL Provider Code

JD Trask has also put together a drive provider for mounting and navigating Zip archives:

How to Write a PowerShell drive provider

JD's example comes with some decent documentation explaining the four core classes that comprise the provider, showing how to install the provider and giving some ideas on how to extend the provider for extra credit.

It rather reminds me of a tcsh extension I used to use to cd into tar.gz's back in the day :)

posted on Thursday, June 21, 2007 10:26:11 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]

Miguel de Icaza has written a progress report on their Mono port of Silverlight, called Moonlight.

It's a pretty impressive account of what they have accomplished in the first 21 days of developing Moonlight. It's interesting to see what a team with deep knowledge of a domain can produce in an intense session of hacking.

It will be especially interesting to see what core Silverlight features the Mono team can develop by the time Silverlight 1.1 releases, so we can target our Silverlight applications to the common denominator.

Also, I wonder which will release first: Silverlight 1.1 or Moonlight 1.1?

posted on Thursday, June 21, 2007 9:51:46 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Tuesday, June 19, 2007

Reading Dare Obasanjo's blog, I saw reference to this email (jpg) that is linked from Analyzing the Facebook Platform, three weeks in:

"Do you know anybody that may have excess servers we could borrow for the next 5-7 days while we buy new servers of our own?"
Ali Partovi from Ilike, a day after launching on Facebook

Scale problems like this are good to have -- you have lots of customers after all. But, it must be hard to see all your hardware melting as quickly as you add it!

posted on Tuesday, June 19, 2007 9:04:19 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]

This is another reason why it's good to live in Wellington:

Yet More Speed for TelstraClear Internet Customers
The company will offer customers speeds of up to 25 Mbps downstream by the end of the year. This is an increase on the company’s fastest existing plan which offers speeds of up to 10 Mbps.

TelstraClear is already the fastest and most reliable home broadband in New Zealand, and they're getting faster. It's a pity that their cable network is only available in parts of Wellington and Christchurch, and that they only have 30,000ish cable modem customers.

When we bought a new house, one of the criteria for choosing which street and suburb to live in was whether we could get TelstraClear cable. I'm glad we persisted with that now -- even though it meant many phone calls to TelstraClear asking if addresses had cable coverage.

posted on Tuesday, June 19, 2007 10:21:20 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]
This is a test message from my phone, using Kevin Daly's Diarist!Flower.jpg
posted on Tuesday, June 19, 2007 10:09:54 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]
 Sunday, June 17, 2007

It seems like powerful presentations aren't done using Powerpoint any more. I don't know, maybe they never were...

Why you drink

Edward Tufte (the original Powerpoint detractor) has a new book out: Beautiful Evidence. An article in the New York Mag (via SVN) introduces Tufte and some of his work. He has lead a crusade against Powerpoint (his essay The Cognitive Style of Powerpoint has a good collection of the worst offenders), and his ideas have been absorbed by many designers around the world.

The new style of "multimedia"1 presentations move from slide-based to "flow"-based. Two that I have seen recently deserve mention:

"Le Grand Content"
(via Mark Fowler)

Quite funny, answers the questions of the universe with quasi-logic and witticisms:
There are three types of virgins:
a) Virgins by choice
b) Virgins by way of poor social skills
c) People who should be in group B, but who claim otherwise for reasons of prestige
Prometeus - The Media Revolution
(via Nic Wise)

The future of media and information dissemination. A little more serious...

These presentations really engage the user through zooming images, flowcharts and synchronising speech with animations.

I wonder how long before this type of presentation becomes the norm? How long until we see presentation software that supports the creation of them as easily as a standard deck of slides in Powerpoint?

And how long before people realise that although they're more engaging, they're still hiding and distorting the truth, just in different ways?

1 How weird does it feel to use that word in 2007?

posted on Sunday, June 17, 2007 10:08:54 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Thursday, June 14, 2007
In his post "Why Safari for Windows looks like a Mac Application", Bertrand Le Roy guesses that the Apple release of Safari for Windows may be to increase the number of developers that can competently develop applications for the IPhone.

This makes complete sense, one big problem for Safari users is that many websites just plain don't work in their browser. Windows developers can't test in Safari without Mac hardware, and many websites are accidently broken when view in Safari.

What a smart move from Apple. By releasing a Windows version of their flagship browser, no Windows developer has an excuse not to test on it!

The only challenge remaining for Apple is to keep the two browsers feature-identical. We don't want an IE5 Win vs IE5 Mac debacle...
posted on Thursday, June 14, 2007 9:05:05 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [1]
 Wednesday, June 13, 2007
Daniel Moth has two good posts on Visual Studio 2008 and the .NET Framework 3.5:
A summary:
  • The CLR isn't changing -- still the same CLR as VS2005
  • New languages C# v3.0 and VB9
  • The framework libraries don't change from 3.0 to 3.5, and just add additional namespaces (just like the move from 2.0 to 3.0)
  • LINQ is the big ticket item for me, but there are also some interesting networking and addin libraries, as well as enhancements to WCF and WF
A big feature of Visual Studio 2008 is the multi-targeting ability, which allows you to target the 2.0, 3.0 or 3.5 libraries from one IDE. No more side-by-side Visual Studio installations!

posted on Wednesday, June 13, 2007 9:44:26 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
The left-hand guy on the Vista Business DVD isn't me, I swear!

posted on Wednesday, June 13, 2007 10:01:03 AM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Monday, June 11, 2007
Watching PrimeTV after Letterman has finished has always been hard. Previously it was Fox News that I would fall asleep to, recently it is "infomercials". I'm not quite sure what is "info" about them.

Urine Gone! is apparently a fabulous product "For Pet or People accidents". They have a cheesy bit where they talk about getting rid of urine odours caused by people :)

How many units to they have to sell to pay for the tv advertisements?

(remove BAD from the url, as I don't want to directly link)

The (only) bit that's cool about this product is the black light stain detector. How cool and CSI-like!
posted on Monday, June 11, 2007 10:58:35 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
I watched this video last night: Reverse engineering techniques to find security bugs: A case study of the ANI exploit

From the blurb:
Alex Sotirov is a vulnerability engineer at determina. He will discuss some latest techniques in reverse engineering software to find vulnerabilities. Particularly, he'll discuss his technique that lead him to find the ANI bug (a critical new bug in WinXP and Vista).

Alex will describe the tools he uses for reverse engineering and show how he reverse engineered ANI Bug. He will continue to discussed Windows security mechanisms (ASLR, /GS) and describe how ANI exploit bypasses them.

Alex is one of the good guys. He works at determina on their intrusion prevention system, his job is to create exploits so that they can test if their software can detect and catch them. He often creates exploits by looking at the patches Microsoft releases to find out what bugs they fix.

In the presentation, Alex shows how to use a disassembly tool to analyse the differences between two dlls -- the original and the patched ones. He also explains some of the exploit-protection mechanisms, and how exploit authors can get around them:

  • /GS compiler switch which inserts a trap to check if the return pointer has been overridden (only works for functions with arrays in them, as an optimisation)
  • Data Execution Protection (DEP), which is a CPU feature to disable execution of code within data segments of memory. Stack overflows write into data blocks, and are thwarted when trying to jump to those blocks. It's only opt-in on desktop Windows, even on Vista (due to compat reasons).
  • Address space layout randomization (ASLR) which re-arranges the executable in memory so that jump locations are hard to pre-determine (but there are only 256 possible places, so it's still possible to guess the location).
Hints on how to design secure software:

  • Pick a good language and platform (e.g. Java, Python and I assume .NET). This avoids common pitfalls in languages like C++ and PHP.
  • Design your app to isolate components along trust boundaries. Develop a formal specification that details how areas of code that are accessed by users of different privilege interact with each other.
Things to avoid:
  • ActiveX. Always avoid.
  • Google Desktop Search web integration. [Must've been a popular bullet point in the room!] Exposes all local desktop search data to the possibility of a cross domain vulnerability in a browser. Securing the product relies on a browser being secure -- not a good idea.
  • Really hard to add security to an existing codebase (e.g. Windows, Oracle DB)
Take outs:

  • Assume software has security bugs. Build in things that will make exploitation harder, and will minimise damage.
  • Avoid single sign-on for web services, as if one app is exploited, other services can be attacked.

Alex ended with a diagram showing the exploit prevention features in different OS's:


OSX doesn't use many of the current protection techniques that other OS's currently do. I guess this shows how Microsoft are trying harder with each release, but Apple are finding it hard.

posted on Monday, June 11, 2007 9:34:29 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
 Saturday, June 09, 2007
Two of my favourite areas of software development are privacy and security. As applications get less siloed and more connected, understanding the boundaries between "mine and theirs", and implementing the system correctly are becoming increasingly important.

A little tid-bit I found interesting today was:
Did you know that the new trend is phone phishing? Criminals use VoIP to emulate the bank’s voice prompt system and lure people into giving their account information.

That's worth thinking about if you're an organisation that provides a phone-based service such as phone banking or checking account balances. Tricking someone to dial a phone number (especially an 0800) is probably as easy as tricking them into going to the wrong website.
posted on Saturday, June 09, 2007 12:32:06 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]
TechEd NZ is selling out fast. They have also updated the website since I last went there, but the list of speakers hasn't been finalised yet.

Our TechEd is a catch-all for all Microsoft technologies and releases, but in the US there are 3 different Microsoft events to follow if you're a developer: MIX, TechEd and PDC. MIX and TechEd US have both happened recently, and there's no PDC this year.

This year, MIX has had a lot of the cool stuff for developers -- Silverlight 1.1, the DLR, Dynamic VB, Iron Ruby and more. From the lack of developer buzz around TechEd, and my reading of TechEd Bloggers, it sounds like the TechEd conference had more in store for the IT Pro's than the developers, delivering more in the product / platform space.

Here's looking forward to TechEd NZ. I'm looking forward to hearing how IronRuby has progressed in the intervening months, and hopefully seeing some new Silverlight stuff. I'll (hopefully) be presenting on Powershell again, which is one of my favourites. Check out the Powershell blog too, good stuff regularly pops up on there.

posted on Saturday, June 09, 2007 12:12:12 PM (New Zealand Standard Time, UTC+12:00)  #    Comments [0]