Wednesday, March 24, 2004
Aha!
Mood: relaxed
Music: Builders making holes in my office
Wednesday, March 10, 2004
Secure Code Seminar, MythTV
I've been experimenting with a package called MythTV. Installing it was a complete pain in the arse (dependencies to resolve all over the place, and some fun and games getting the database component to work at all), but once installed I was pretty impressed. It neatly downloaded listings for my funky brand of cable TV, and offers them in an easy to use format. Watching TV is good - the TV card streams to disk, I watch the stream - meaning I can pause, rewind, forward wind (when I'm behind the actual broadcast). Recording is currently not quite as good - ALSA support for my soundcard (an Intel onboard thing) isn't very good, and Myth complains of a lack of buffers when recording; this has led to some recordings having out-of-synch sound. On the upside, it does record what I want, when I want it - so as soon as I get sound figured out properly, all will be well. It really does make TV bearable to be able to just pick from a menu of things to watch, rather than trying to be around at the right time for shows. I like TV when it's on-demand!
Yesterday, I went to Paul Mur's MSN Developer Seminar on writing secure code. About 30 people showed up; interestingly, there weren't many people from the larger consulting/development groups in town. Apparently, TSG is ahead of the curve in adopting .NET - and unusual in that we actually worry about security (catty comment: check out IDP Group for an example of our competition!). The first half of the seminar should have been titled "C++ sucks" - it covered Buffer Overruns, Arithmetic Overflows, as well as the usual range of Cross-Site Scripting, Canonicalization issues (i.e. don't trust filenames!), SQL Injection, and similar. Paul had good examples for everything, including some examples that I loved showing buffer overruns in action - complete with heap dumps of the results. Very good stuff. The second half of the seminar focussed on security in .NET. Security controls are a lot more fine-grained than I thought - and you can really lock down a .NET system if you want to. That's a good thing, and I definitely learned a few tricks about how to help TSG's systems (such as sandboxing assemblies that need IO access, and restricting permissions accordingly). I was also impressed by the Forms-Based Authentication stuff - .NET makes it really easy to partition off parts of a site into admin areas, member areas and similar, without forcing Active Directory on you for authentication. The end of the seminar was a real treat - some tips'n'tricks to make Visual Studio life easier, and a contest to find the bugs in some code. I won the contest, and am now the proud owner of Writing Secure Code (2nd Edition), a book I was planning to buy with my next paycheque. So I was paid to attend the seminar, and saved $50 on the book. Sweet. :-)
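The entry only names the vulnerability classes the seminar covered, so here is an added example (written for this page, not taken from the seminar, the book or the author) showing the link between two of them: an arithmetic overflow that silently defeats a length check and so turns into a buffer overrun. The naive check sums two attacker-controlled lengths in wrapping unsigned arithmetic; the fixed version compares against the remaining space so nothing can wrap, and the same idea is applied to an allocation-size multiplication. Every name and size here (RECORD_BUF_SIZE, naive_fits, checked_fits, build_record, the constructed inputs) is an assumption for illustration.

```c
#include <limits.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Arithmetic overflow feeding a buffer overrun: a length check that looks
   correct but is evaluated in wrapping unsigned arithmetic.
   All names and sizes in this file are assumptions for illustration. */

#define RECORD_BUF_SIZE 256u

/* Vulnerable check: accepts if hdr_len + body_len fits in the buffer.
   When the sum exceeds UINT_MAX it wraps to a small number: with
   hdr_len = 16 and body_len = UINT_MAX - 8 the "sum" is 7, the check
   passes, and a following memcpy of body_len bytes would overrun. */
int naive_fits(unsigned int hdr_len, unsigned int body_len)
{
    return hdr_len + body_len <= RECORD_BUF_SIZE;
}

/* Fixed check: compare against the space left after the header instead of
   forming a sum, so no intermediate value can wrap. */
int checked_fits(unsigned int hdr_len, unsigned int body_len)
{
    if (hdr_len > RECORD_BUF_SIZE)
        return 0;
    return body_len <= RECORD_BUF_SIZE - hdr_len;
}

/* Same idea for allocation sizes: count * elem_size wraps for large count.
   Returns the byte count, or 0 if the multiplication would overflow. */
size_t checked_alloc_size(size_t count, size_t elem_size)
{
    if (elem_size != 0 && count > SIZE_MAX / elem_size)
        return 0;
    return count * elem_size;
}

/* Assemble header + body into a fixed buffer using the checked test.
   Returns the number of bytes written, or -1 if the lengths are rejected
   (nothing is copied in that case). */
int build_record(unsigned char out[RECORD_BUF_SIZE],
                 const unsigned char *hdr, unsigned int hdr_len,
                 const unsigned char *body, unsigned int body_len)
{
    if (!checked_fits(hdr_len, body_len))
        return -1;
    memcpy(out, hdr, hdr_len);
    memcpy(out + hdr_len, body, body_len);
    return (int)(hdr_len + body_len);
}

/* Constructed legitimate input: 4-byte header plus 8-byte body -> 12. */
int demo_build_record(void)
{
    unsigned char out[RECORD_BUF_SIZE];
    const unsigned char hdr[4] = "HDR";
    const unsigned char body[8] = "payload";
    return build_record(out, hdr, 4, body, 8);
}

/* Constructed hostile input: the wrapped length is rejected -> -1. */
int demo_reject_record(void)
{
    unsigned char out[RECORD_BUF_SIZE];
    const unsigned char hdr[16] = "hostile header!";
    /* The body pointer is never dereferenced because the check fails first. */
    return build_record(out, hdr, 16, out, UINT_MAX - 8);
}

int main(void)
{
    unsigned int hdr_len = 16, evil_len = UINT_MAX - 8;
    printf("naive check accepts wrapped length:  %d\n", naive_fits(hdr_len, evil_len));
    printf("checked test rejects wrapped length: %d\n", !checked_fits(hdr_len, evil_len));
    printf("legitimate record length:            %d\n", demo_build_record());
    printf("hostile record result:               %d\n", demo_reject_record());
    printf("alloc size for SIZE_MAX/4 x 8 bytes: %zu (0 = overflow)\n",
           checked_alloc_size(SIZE_MAX / 4, 8));
    return 0;
}
```

The point a reviewer should take from this: whenever two untrusted lengths (or a count and an element size) are combined before a bounds check, the check must be written so that the combination itself cannot overflow; compilers will not warn about the wrap, and the subsequent memcpy or allocation is where the heap dump ends up.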
Mood: happy
Music: None
Saturday, March 6, 2004
Java vs. DotNet
Mood: tired
Music: None
Friday, March 5, 2004
Databases, Gandhi
- Everything is interdependent; recognize this and try to form positive relationships with everyone (on all levels from personal to International Relations), and the world will be a better place.
- Getting angry is human nature, but if you perform mental exercise and focus on positive resolutions to issues that make you angry, you can turn it into a positive rather than a negative.
- "Right over Might" - the old argument that simply having might implies an inability to focus on what is right.
All of these arguments were couched in humorous tales, talk about religion, and the occasionally painful anecdote. Gandhi didn't portray himself very well; at times he came across as a demagogue for his grandfather, rather than a thinker in his own right; I think I'd have been happier if he had built on his grandfather's ideas more than happily shouting from his shadow. Still, it was a good lecture - even if I remain convinced that pacifism isn't going to work without the cooperation of everyone else. Relations, Conflict Resolution and possibly Intervention remain the three pillars of International Relations in my book - even though Intervention should be used much more carefully than it is by the current Administration.
On a less theoretical note, today I've been wrestling with a client's database. They have kept their records in a WordPerfect file for years, using a table to roughly emulate a poorly designed flat-file database. TSG created a relational database system (wrapped in a PHP website) for them that does the same thing - the last challenge was getting the data out. It took me several hours to transform data from WordPerfect into Excel, fix the formatting errors (WP puts linefeeds in odd places), break the table into subtables, and then import it into PostgreSQL. I messed it up horribly the first time, but the second try worked pretty well. PostgreSQL did a good job of catching referential-integrity errors, and Excel/Access provided me with the tools I needed to make things usable; overall, though, it was a giant pain in the arse.
Mood: tired
Music: None
