# Wednesday, 21 March 2007

I have such a good time when I do .NET Rocks with Carl and Richard! I'm sitting around chatting with my buds, doing a little shop talk, sharing horror stories -- the time flies by. I hope one or two of you enjoy listening to it, too. Some things I heard myself say that sound pretty funny now:

  • you're out of feet, i'm taking over
  • it's the speed of light -- we're screwed

That first one is the CLR talking to people who messed up constantly on memory management. The second is of course the concurrency story. Along the way we talked about Vista (a lot) and covered plenty of ground. Why not give it a listen?

Kate

 

C++ | Concurrency | RD | Speaking | Vista
Wednesday, 21 March 2007 11:39:22 (Eastern Standard Time, UTC-05:00)  #    
# Tuesday, 20 March 2007

Kathy Sierra has some characterizations of applications we'll all recognize. There's the one who knows how you like things, the one who bosses you around, the one you are barely putting up with till something better comes along .... and be sure and read the comments where a few more archetypes appear.

Kate

Tuesday, 20 March 2007 11:24:41 (Eastern Standard Time, UTC-05:00)  #    
# Saturday, 17 March 2007

It's a strange thing about debugging under Vista that the one thing you really don't want to do is press F5. It's rather a long story as to why, but it's a good habit to go and find your executable and double-click it. And if you develop that habit, you may find that getting Visual Studio to build you a release or a debug version is not that simple. (Pressing F5 builds a debug version, and Ctrl-F5 builds a release version, before launching the application.) For many people, the dropdown that shows what configuration you're building has disappeared from the toolbar where it belongs. And even if you're brave enough to wade into the Customize dialog and put it back, it's disabled:

To get things back the way they once were, bring up Tools, Options, and go to the General section under Projects and Solutions. Find "Show advanced build configurations" and check it.

Presto! Debug is back!

Not what I'd call discoverable, so spread the word.

Kate

Saturday, 17 March 2007 11:04:55 (Eastern Standard Time, UTC-05:00)  #    
# Friday, 16 March 2007

It's interesting when we measure new things using old rules. A number of people have observed that Vista machines doing nothing seem to be using a lot of memory to achieve that nothingness. Words like "bloat" get bandied around. Empty memory is seen as more virtuous than filled memory. I'm not going to link to all the "Vista is using all my memory it sucks" complaints. Instead, I'm going to point you to Jeff Atwood, who explains the whole thing quite nicely and concludes:

The question shouldn't be "Why does Vista use all my memory?", but "Why the heck did previous versions of Windows use my memory so ineffectively?"

Good point.

Kate

Friday, 16 March 2007 10:52:55 (Eastern Standard Time, UTC-05:00)  #    
# Thursday, 15 March 2007

Recently I ordered a DVD of The Rise and Fall of the Great Lakes from the National Film Board of Canada. Now don't get me wrong, the place is a national treasure, and I'm delighted to be able to buy films I fondly remember from my childhood. I also trust them with my credit card number. But this privacy "reassurance" didn't really reassure me:

A quick IM conversation with someone who speaks far better French than me told me that this makes way more sense in French, but serves as a tremendous example of why machine translation can only take you so far. Trust me, my "experiment Internet" is already sedentary enough.

Kate

Thursday, 15 March 2007 10:42:03 (Eastern Standard Time, UTC-05:00)  #    
# Wednesday, 14 March 2007

Yikes! How can an API call be banned? Well, these functions from the C Runtime Library (CRT) will trigger warnings from the compiler in Visual C++ 2005 and beyond. I've blogged about this before, and linked to an older paper about it too. Now Michael Howard has an updated article that lists all the "banned" CRT calls and suggests what to use instead. He also clarifies the role of the StrSafe functions and compares them to the _s versions of the insecure CRT functions. Definitely recommended reading if you're maintaining an older code base and worry about it a little.

Kate

Wednesday, 14 March 2007 10:33:16 (Eastern Standard Time, UTC-05:00)  #    
# Tuesday, 13 March 2007

First, this Information Week article says "there's a greater call for IT professionals in the New York and New Jersey area than there is in Northern California". Then they say something really strange: "When it comes to programmers, the C and C++ languages were the most popular with 18,290 job postings, while Microsoft's .Net drew 14,807." Wow. Ignoring the fact you can do C++ on .NET, that's still quite a dramatic ratio. It's partly because the jobs include other operating systems, like Linux, and C++ is The cross-platform language. But I know (because people email me asking to help them find staff) that C++ programmers are getting hard to find. Who'da thunkit?

Kate

 

 

Tuesday, 13 March 2007 22:53:35 (Eastern Standard Time, UTC-05:00)  #    
# Monday, 12 March 2007

Jesper is The Guy on security and since UAC is generally represented as a security feature, I'm interested in just about anything he has to say on the topic. So imagine my eyebrows headed for the ceiling when I read:

UAC does not, nor is it intended to, stop malware.

But my eyebrows came back down pretty quickly. There's a difference between stopping malware and reducing the effect of malware people happen to launch. UAC is intended, Jesper says, to "enable more users to run as a standard user." After all, most devs are admins on their own box, because otherwise they can't accomplish all kinds of day-to-day developer tasks. And then they accidentally write applications that only work if you're an administrator. And most folks react to that by making everyone an administrator. And that leaves you in a nasty place if you did happen to launch some malware. He goes on to say:

...we ideally end up in a situation where most people do not run as administrators and, hopefully, start questioning some of the elevation prompts they do get. The fewer they get, the more likely they are to consider them carefully before allowing them, or so the theory goes. By extension, yes, there may be less malware, but it all depends on (a) whether users keep UAC on, (b) which is dependent on whether ISVs will write software that works with it, and (c) users stop considering prompts to be fast-clicking exercises and actually consider whether an elevation request is legitimate or not.

That last one I am seeing no signs of. A UAC prompt comes up, people just click it as quick as they can. Sigh. Let's hope that changes over time. One last quote from Jesper:

The fact that UAC does not mitigate all security problems, or that it does not possess a property that many of us, myself included, would dearly like to have - first-order protection against malware - does not mean it is not a security technology.

The more we understand the point of UAC, the more likely we are to think a little during that black-screen-pause while the prompt is coming up. If you don't think what you just did deserves a UAC prompt, why are you going to consent?

Kate

Monday, 12 March 2007 22:48:33 (Eastern Standard Time, UTC-05:00)  #    
# Sunday, 11 March 2007

Ali Parker writes about the Women in Technology event that will be held once again at Tech Ed in Orlando this year. Let her know your thoughts on what the event should be, and on how to reach out to young girls and inspire them to consider changing the world through technology. I know I'll be attending no matter how they structure the event or when it's held. It's fun to be in the majority once in a while. BTW, men are always welcome ... you don't need to pass some screener with some talk of having a daughter or the like, just come on in and join us.

Kate

Sunday, 11 March 2007 22:39:41 (Eastern Standard Time, UTC-05:00)  #