Anti-virus technology in XP SP2

Wednesday, February 25, 2004 by scott
0 comments

Dana Epp points to an Internet News article stating XP SP2 will include a virus scanner. I can see the controversy coming, as many people will be unhappy about MS bundling more software into the operating system.

I think the move was inevitable for Microsoft. When people refer to your software as a national security threat, even a global security threat, then it’s time to step up and take action.

Let’s face it – anti virus as an add-on product just doesn’t work. When someone walks into BestBuy with $50 to spend, I’m sure the products like Halo move much faster than any anti-virus software. It’s just not human nature to spend money on something preventive when you can buy something fun. Halo has much better graphics then any anti-virus software I've ever seen - the choice is obvious.

Reporting Services article

Monday, February 23, 2004 by scott
0 comments

Here is a new article demonstrating how to use the web service API of Reporting Services to build a tree view of reports available to a user. The ASP.NET project also hosts the ReportViewer sample component in a page to display reports.

Reporting Services Tree Navigation Sample

Publications & Writing

Monday, February 23, 2004 by scott
0 comments

Articles

My Books

Scalable software: a different angle

Sunday, February 22, 2004 by scott
0 comments

Friday was one of those days when I didn’t get to sit at my desk till 2 in the afternoon. What was supposed to be a quick overview of upcoming requirements became an embroiled strategic planning meeting. I came out thinking: how scalable is our software?

I wasn’t thinking of scalability in the sense that Sam Gentile was recently thinking about scalability. I was thinking that given the architecture and feature set of our software, how many clients can our small startup support?

Since I am probably as clear as mud, let me give you a scenario without too many boring details. We built an ASP.NET Intranet application. The application uses Active Directory. By using AD we saved ourselves development time in building the administration areas of the application.

On Wednesday of this week, a prospective customer and his technical team call me. They don’t use AD and have no ready plans for migration. They are using NT4 and are not buying our software if it requires a move to Active Directory. Nevermind that the clock is ticking on NT4 support options.

One of our options at this point is to rip out code relying on Active Directory and build it ourselves. I don’t like this option one bit – it’s not a one time cost. There is an ongoing cost in maintenance, regression testing, deployment, end-user training, and support. It limits the ability of our company to scale up sales, because the cost per client just went up.

In a small startup company it’s difficult to approach the CEO and sales team and tell them why making a sale is a “bad thing”. The engineering team appears mean, nasty, inflexible, and unsympathetic to customer needs. Believe me, I am sympathetic to what the customer wants. One of the benefits of a small company is having hands on contact with the customer. When they get excited about something I’ve help to create I get excited too. When they want something new I want to build it for them, but I know a company has to live within it’s means.

If you build software that is difficult to install, and configure, and support, be prepared to make a living by billing time and materials. I’m sure there are application domains that have no other option, but just make sure you go in with the proper business plan. I try hard to resist customized features, or requirements that make the software more difficult. Unfortunately, in small companies it is very hard to resist cash.

Ironically, what helps in big companies can help even more in small companies where resources are tight and people wear different hats. The two biggest process related tips I can give are 1) Have a software development process in the first place, and, 2) automate ruthlessly. Use automated builds, and as much automated testing as possible. It takes more time up front, but pays dividends many times over as time goes on by leaving less to manual intervention, and therefore chance. It also keeps you scalable.

Newsgroups, Blogs, and Magazines

Wednesday, February 18, 2004 by scott
4 comments

According to Google groups, I started posting to USENET in 1995. It seems like a long time, but a colleague of mine (we’ve worked together at not one, but two startups) has an archived post that precedes mine by almost 10 years. I’ve always liked newsgroups. I still browse and post, and if Google groups (I still type in www.deja.com) had a nickel for every newsgroup search I’ve done, I’d have to sell a kidney to buy food.

Reading through a .NET newsgroup today puts you right in the development trenches. Here you will find people trying to figure out how to call a stored proc from ADO.NET, how to work with connection pooling, and how to send email from an ASP.NET page. Unfortunately, I think 85% of the questions in newsgroups can be answered with 180 seconds of RTFM or Google time.

All of the noise in newsgroups makes the experience somewhat like listening to AM radio in a train tunnel. There is a lot of static and it’s too easy to miss any golden nuggets of information. I think this has driven a lot of quality people out of newsgroups for good. Also, newsgroups are not the place to look for what’s coming down the road. It’s interesting to note the Aero development newsgroup has received fewer posts since the beginning of the year than the reporting services group typically gets in a single day.

Blogs gives people a place to “push” ideas, in contrast to newsgroups and mailing lists, where it seems more acceptable to “pull” ideas by asking questions. Pull would work so much better if people didn’t ask the same questions over and over again each day. What’s sad is, readers looking for someone else to do the RTFM for them are boiling over into blogs.

In the newsgroup world, people post FAQs and documents like Eric Raymond’s “How To Ask Questions The Smart Way” to cut down on the noise. The problem is, the people who don’t RTFM also don’t read FAQs and documents. Fortunately, I don’t think the noise that fills up newsgroups will bog the blog space down, because unlike newsgroups, which are a free for all, bloggers have more control over content and want to keep their blogs interesting. I’m not talking about censoring posts, I’m talking about the blogger always having the headline post, and therefore chooses the direction and theme for the blog content.

Reading the right blogs gives you a better balance of what’s happening today, and what’s going to happen 2 years from now. Magazines, on the other hand, seem to slant heavy to the far future. I’ve seen a few blogs and a few letters to the editor complaining about such and such a magazine becoming less relevant when they don’t cover the current tool set with practical articles. Scoble says covering the new stuff sells more issues, but I wonder if this will continue to hold true as people get the breaking news from blogs, and the magazine cover about the “three pillars of Longhorn architecture” will be looking like three month old news. That would certainly force some more in-depth practical articles instead of the fluffy Gartner Group type executive summaries.

I still read newsgroups, and magazines, and continue to add to the blogroll. If I had to give up one of the three right now, I think newsgroups would have to go. That sounds like an interesting conclusion to end with.

Don’t Download That Source Code

Sunday, February 15, 2004 by scott
2 comments

If you are looking for the leaked MS source code, don’t do it. As John Lettice points out:

…if you are offered unlicensed access you're smart not to even look at it, because simply knowing how the stuff works compromises your ability to produce products independently, and renders you difficult/dangerous to employ in the relevant field.

And later …

Finally, this is very important: if you propose to continue working in the IT industry, and somebody offers you a look at the source, just say no. Remember - if you learn too much about the internals of Microsoft products, you may find yourself unable to work for anybody except Microsoft. Yikes.

This statement is obviously fact. Don Box told us all about COM internals, and guess where he works now? Microsoft. Chris Sells has openly admitted to pumping MS employees for insider information at trade shows. Guess where Chris works now? Microsoft.

Summary: Delete your Rotor source code, uninstall your decompiler. If not, you are a coding time bomb of intellectual property and a target for assimilation.

Flashbacks to string handling in C++

Wednesday, February 11, 2004 by scott
0 comments

For the last 18 months I’ve done no real development outside of C#. After 10 years of C++ I was starting to think at times I missed it. Then I downloaded the source code to Allegiance, because I just can’t resist looking at source code. I ran across this:

while (true) {
    UpdateText((char*)LPCTSTR(CString("Copying ") + CString(data.cFileName)));
 
    if (data.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY) {
        if (
               (strcmp(data.cFileName, "." ) != 0)
            && (strcmp(data.cFileName, "..") != 0)
        ) {
            CopyDirectory(
                (char*)LPCTSTR(CString(pchFrom) + CString("\\") + CString(data.cFileName)),
                (char*)LPCTSTR(CString(pchTo  ) + CString("\\") + CString(data.cFileName))
            );
        }
    } else {
        if (!
            CopyFile(
                (char*)LPCTSTR(CString(pchFrom) + CString("\\") + CString(data.cFileName)),
                (char*)LPCTSTR(CString(pchTo  ) + CString("\\") + CString(data.cFileName)),
                true
            )
        ) {
            Error("Error copying file.");
        }
    }
    if (!FindNextFile(hff, &data)) {
        if (GetLastError() == ERROR_NO_MORE_FILES) {
            FindClose(hff);
            return;
        }
 
        Error("Error reading directory contents");
    }
}
 

Two thoughts came to mind. First, I cherish the string class in .NET. Second, I realize now I never did like Hungarian notation.

I also had flashbacks to a code review I did about 4 years ago. Another guy and I sat down to prepare and quickly realized our coding standards were missing something important, specifically, how to deal with strings. Inside of the source file for a single COM component (not much code really) we found all of the following were present: CString, CComBSTR, _bstr_t, _T, LPCTSTR, BSTR, wchar_t, and char *. I’m not sure if I remembered them all, perhaps there was an OLECHAR mixed in there too. In any case, it's nice working with just one simple string class, with the occasional StringBuilder thrown in.

Also, I closed a support case with Microsoft recently. There is a bug in the Office 2000 version of OWC and it wouldn’t display all my cube dimensions. More details in this article.

by K. Scott Allen K.Scott Allen
My Pluralsight Courses
The Podcast!