Dear Sony,

By the time you read this, I’ll be gone. I’m sorry for doing this, but I feel our relationship has run the course. I realize this might come as a bit of a surprise to you, but I need some freedom. I’m going to gather together all the pieces around the house with your name on them and put them into a pile. This includes:

1. The 36 inch television with a flickering display.
2. The two dead ‘MP3’ players.
3. The phone that requires a hard reset every two days.
4. The Playstation that requires a manual calibration every week (not an uncommon problem).  

I could keep going, but I’m sure this is hurting me more than it is hurting you.

P.S. The software you bundle with your MP3 players is an atrocity.

I’m quite excited to see my article published in this issue alongside so many people I’ve read and followed for years. Just one example is Paul DiLascia, who has been writing a C++ Q&A column each month. I still have a well worn copy of his Windows++ book that I bought 10 years ago. I even remember where I bought the book, mostly because I thought the store name was so cool  (README.DOC).

I think I might frame this issue so my kids can look at it someday and marvel at the primitive tools we work with.

Many of you will have friends and family over between now and the beginning of the new year. They’ll eat your food, drink your eggnog, and fall asleep on your sofas at the most inconvenient moments. More importantly, however, they will be around your electronic equipment and your home network. Don’t let love, friendship, or a blood relationship lull you into a false sense of security. The time to start planning your defense starts now.

Whenever I need some information about security, I turn to Anil John’s SecureCoder.com site. Anil is a fellow CMAP member whose obsession with security shows through at every meeting. Anil regularly makes comments like:

   Why are you running as administrator?
   Hey – that password is in plaintext!
   You did what with the request validation setting?!?!?

Anil’s blog has some great posts on security and also about threat modeling. Threat modeling is an important step in planning an in-depth defense against holiday guests. You need to identify assets, identify threats, and build attack trees. Only after analysis is complete will you understand the true perils of having people inside your home.

Before starting your project, I suggest putting together a guest list and jotting down some notes about each individual. An example guest list is shown in figure 1.

Charlie (Uncle)	Only wants to check stock quotes on the computer, but always mistypes a URL and ends up clicking “Yes”, “OK”, and “Accept”.
Fred (Nephew)	Two years ago, Fred asked for a laptop to finish his school geography assignment. Removing all the chat software afterwards required the magnet from a 15-inch subwoofer.
Jasmin (Neice)	Last year, she was found in the home office brute forcing SAM passwords from an NT Emergency Repair Disk with software on a jump drive.
Wendy (Aunt)	Regularly forces an evacuation of the premises when microwaving popcorn.
Figure 1: The guest list. Never underestimate your adversaries.

Another technique Anil talks about is using multiple layers of defense. It is important to have a fall back in case a guest circumvents the outer protective shell. For instance, not giving your guests administrator privileges will prevent many problems, but what if they stumble across the piece of paper from the locked firebox behind the hollow brick in the basement where you scribbled the administrator passphrase in lemon juice? You are screwed!

One plan would be to ask such a guest to leave the house immediately, but I realize this plan is fraught with emotional complexities. Another plan, one I like to call “Operation Blackout”, requires you to find the master circuit breaker for your property. By revoking power from targeted areas of the house, you can be sure no packets flow over the network - even while the turkey continues to cook in the kitchen!

Remember to plan ahead, and best wishes for an electronically safe and happy holiday season.

Dear Vivian:

You didn’t leave me a return address, so I hope you see this response. I said I had an answer for you, but it’s taken many days to respond, and I apologize. It has been a difficult week in the salt mines. Deployments. Conference calls. Customers destroying network settings. Sales staff destroying demo software. It's crazy around here.

Anyway, the question was: how to hide a parameter in Reporting Services?

Go to the Report menu, select Report Parameters, and highlight the parameter you need to hide. The key is to clear the Prompt text box, and make sure to supply a default value. Reporting Services will no longer prompt the user to enter a value for the parameter. The parameter value can still be dynamic if there is a VB expression or a query to specify the default value.

To override the parameter at run time with a different value (perhaps by passing the new value in the query string when using URL access), then you may get the error “parameter is readonly and may not be modified”. Make sure to install SP1 for Reporting Services to fix this.

To determine the version of Reporting Services, go to the base URL for the report server (typically http://machinename/reportserver/. At the bottom of the browser page will be the version number:

   Microsoft SQL Server Reporting Services Version 8.00.743.00  <- this is old

   Microsoft SQL Server Reporting Services Version 8.00.878.00  <- this is SP1

Thanks to Jason Haley for the kind words about OdeToCode.

 Today I responded to some questions I’ve gotten over the last week with a little something entitled “What ASP.NET Programmers Should Know About Application Domains”. I hope you like it.

 

Local carpenters have rebuilt the Ise Jingu shrine in Japan every 20 years since 690. The 62nd rebuilding will start in 2013, and will take about 8 years.

Twenty years seems like a terribly short time for a shrine to be around. A common mortgage term in the U.S. is 30 years. We’d be upset if we had to rebuild our homes every 20 years.

On the other hand, twenty years is a terribly long time in software. Even 5 years can be a stretch. Off hand I can only think of 1 major piece of Microsoft software that has remained the “latest and greatest” for a 5 year stretch: SQL Server 2000 (and this is just a guess, but I don’t think it was in the master plan to ride that horse for 5 years).

Today I was thinking: what I would do if someone asked me to write software that would last for 20 years? Andy has me thinking about this, thanks to his recent comment.

If I go backwards 20 years I’d be bumping up against the fringe of my computing experience. If someone asked me then to write software to last for 20 years I’d have no choice but to write in Basic on a Texas Instruments 99 4/A. If customers were still using the software they’d have to buy spare parts from eBay, or (more likely), run the software on a PC under emulation.

How could I develop software today to last 20 years and have some isolation from the aggressive innovations in platforms and runtimes and preferably never even re-compile the code?

C++ offers me a ubiquitous, standardized language, but it’s hard to write portable code, harder still to write portable GUI code, and tediously hard to write portable GUI code without a dangling pointer lurking. Recompiles for a different architecture are required. If I were to just target Windows XP - can it still run in 20 years? Maybe. Ben Armstrong has Windows 2.03 running on a Virtual PC today.

Java takes care of dangling pointers and runs on many platforms, but is not a standardized language. If IBM ever talks Sun into turning Java open source, it would certainly look more attractive. There is a healthy amount of community and open source activity around Java today, which is always encouraging, but in 20 years Sun's lawyers might complete the mission of suing every supporter.  

Then there is .NET. At least one language, C#, is standardized. There are open source implementations of the runtime from outside of Microsoft, but writing a GUI with portable code is still problematic, and the rate of change is still high. There are also the rumors that a future OS version will only support one version of the runtime. Would my program still work there?

Some ASP.NET applications are now working on both mono and the MS runtime from the same code base, but don’t get me started on web applications. If, in 20 years, people are still writing applications by throwing HTML, DHTML, JavaScript, cookies, and cascading style sheets into a blender and hitting the ‘stir gently’ button, then the entire industry should retire and become dentists. We couldn’t do any worse then the one working on Chris Sell’s son. Actually, the thought of being a dentist terrifies me. Instead, I think I’ll be a taxi driver - at least I can talk to new and interesting people without them having cotten in thier mouth.

In the end, I’d have to think both .NET and Java would undergo major breaking changes in at least 10 to 15 years. I have a feeling C++ will still be chugging along, but my crystal ball manufacturer does not have a good track record.

To really look ahead, visit the page of the Long Now Foundation and think about the challenges of building a clock to last 10,000 years. How do you power the clock? How do you provide instructions for someone to maintain the clock? What do you do to lessen the risk of damage from earthquakes and roving, juiced up teenagers?

If you’ve never heard of a company named MEDITECH, it doesn’t surprise me. You might be surprised, however, to know they are one of the largest enterprise-scale software vendors in the healthcare industry. They are a private company and go quietly about their business.

With such a quiet reputation, it was surprising to see their President and COO accept an invitation for an interview. Not just any interview, but an interview with a blogger – and an anonymous blogger no less. You can read the interview over on HISTalk, which always has juicy tidbits about the healthcare IT space from someone in the know.

I had the opportunity to sit and talk software architecture with Mr. Messing earlier this year. I can tell you he is not a fan of the .NET platform. Seeing as how they build everything from scratch (and I mean scratch), this is not surprising. The approach affords them a great deal of independence, but you have to wonder how long one company can keep up.