CodeBetter.Com

Grant Killian's Blog

No, this has nothing to do with beer -- but maybe it should?

December 2004 - Posts

  • Insecure Christmas Shopping: Am I Taking Crazy Pills?

    I've done a lot of Christmas shopping online this year.  It's perfect for the gift giving I like to do: I prefer to give experiences instead of products because most of the people I shop for don't need more material possessions.  It's all samsara anyway, right?

    I've found that many of these experiential type places are small and don't pay attention to online security.  They're asking for credit cards etc without SSL certificates.  That's credit card info in plain text, everyone!  I recall two sites in particular because I called them on the -gasp- telephone to buy gift certificates “securely” instead of over the internet:

    1. Gold Lake Spa (http://goldlake.secure-shops10.com/view_category.asp?cat=32)
      • Great place to relax and visit, terrible place to shop “securely” despite the word “secure” in the URL.  It doesn't work with https, either, so this is clearly a case of somebody not spending a few hundred bucks to secure their shoppers' experience.
    2. St Elmo Hotel (http://www.stelmohotel.com/gift-certificates.html)
      • Another fine Colorado mountain escape, but no SSL on that form action.  Submit at your peril!

    When I spoke to these places, they were all very concerned that I didn't want to enter my payment information through their website -- they both explained that they never had anyone comment about SSL and that they figured their sites were as secure as amazon.com.  In the words of the great movie Zoolander: Am I Taking CRAZY Pills? 

    I guess I can't really fault the hotel owners, it's whoever set the sites up and gives them technology advice that are really at fault.  As a public service, I'm linking to a good summary of how you can tell if you're in a secure online shopping situation.  Most shared hosting solutions have very reasonable SSL shopping plans, so just because you're a small business doesn't mean you can't be secure.

    I suppose I need all the SSL caveats here, to head some of you commenters off at-the-pass:

    • SSL does not guarantee 100% privacy, but it is the standard for secure online communications and relied on by the majority of online businesses.  I read a Dan Brown book about web security to the contrary, but he's a fiction writer after all . . .
    • Yes, I realize my telephone calls could have been intruded upon and somebody could have stolen my credit card info that way. 
    • Yes, I realize my credit card info could be abused by whoever takes my phone call on the other end of the line.

    While I realize the odds of somebody intercepting HTTP packets to grab credit card information are slim, it's all in plain text for anybody to see if you aren't in an SSL session.  This is 2004 and the internet and internet consumers should be mature enough to know secure from insecure.  Maybe I'm still up in my ivory tower and expecting too much from the public.
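The "no SSL on that form action" check described in this post can be automated. The sketch below is an added example, not code from the original post: it parses a page's forms and flags any that collect card-like fields without HTTPS. The field-name hints, the sample markup and the `example.test` host names are assumptions constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Assumed heuristic: input names that suggest card data (not from the post).
CARD_HINTS = ("card", "ccnum", "cvv", "cvc", "expir")
# Constructed sample page; host names are placeholders.
SAMPLE_URL = "http://shop.example.test/gift-certificates.html"
SAMPLE_HTML = """
<form action="order.asp" method="post">
  <input name="CardNumber"><input name="ExpiryDate"><input type="submit">
</form>
<form action="https://pay.example.test/charge" method="post">
  <input name="card_number"><input name="cvv">
</form>
<form action="/search"><input name="q"></form>
"""

class FormCollector(HTMLParser):
    """Records each <form>'s action and the lower-cased names of its fields."""
    def __init__(self):
        super().__init__()
        self.forms, self._current = [], None
    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self._current = {"action": attrs.get("action") or "", "fields": []}
            self.forms.append(self._current)
        elif tag in ("input", "select", "textarea") and self._current is not None:
            self._current["fields"].append((attrs.get("name") or "").lower())
    def handle_endtag(self, tag):
        if tag == "form":
            self._current = None

def audit_forms(page_url, html):
    """Return (target, problem) for card-collecting forms lacking HTTPS."""
    collector = FormCollector()
    collector.feed(html)
    findings = []
    for form in collector.forms:
        if not any(h in f for f in form["fields"] for h in CARD_HINTS):
            continue
        # An empty or relative action inherits the scheme of the page itself.
        target = urljoin(page_url, form["action"])
        if urlparse(target).scheme != "https":
            findings.append((target, "card data submitted in plain text"))
        elif urlparse(page_url).scheme != "https":
            # A form delivered over HTTP can be altered before it is submitted.
            findings.append((target, "HTTPS target, but form page served over HTTP"))
    return findings
```

Calling `audit_forms(SAMPLE_URL, SAMPLE_HTML)` reports the first two forms and ignores the search form; the same markup served from an `https://` page produces no findings.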

  • My 2 Cents on MapPoint

    Brendan Tompkins praises MapPoint Web Services; I like the product too, but I'm not sure about the price point (our usage is small enough right now that our MSFT partner status lets us use it for free).  We'll have to see how that shakes out.  The functionality is outstanding.

    There's a MapPoint blog available, too.  It's got lots of tips for MapPointers out there.

     

  • Javascript Nostalgia

    I have a real soft spot for doing things other people think are hard (or better yet, impossible!); this doesn't mean I always succeed, but it does mean I usually want to accomplish what others think “cannot be done.”  While sometimes that means challenges like this goal for 2006, this tendency of mine really plays well in the software development field.  For example, I cooked up some web drag-and-drop cross-browser javascript code a few years ago and probably more importantly used it as a relevant and intuitive situation in an application (for selecting and sorting from many different types of options).  It involved a lot of conditional logic based on browser testing and so on; I really got my DIV tag on back then.

    I came across this cross-browser javascript code for drag and drop from etLux that had me waxing nostalgic over those good old days of javascript mayhem.  etLux's effort is solid and, based on my testing, runs great on Windows OS with Netscape 4 (yes, I still have that!), Mozilla, and Internet Explorer.

    I can't find my javascript library for this, but now I don't have to thanks to etLux's contribution. 

  • Local Alphabet Soup Social Courtesy of Microsoft

    Microsoft had a nice end-of-year social for area user group organizers tonight; not just developer focused user groups, but a wide spectrum of technology related groups.  I had a chance to talk a bit with some folks from AITP and ITPA -- a bit of alphabet soup, right?  It gets better, though, as some folks from PMI were there too.  I'm not sure, but I might be leaving out a few acronyms.

    I didn't realize the subtle difference in subject matter for the groups before tonight; in my mind, there were “developer focused” groups like WeProgram.Net and HRSSUG and “all the other ITPro sort of stuff.”  It was good for me to begin to see the different facets of each group and know that there are more technology organizations in the Hampton Roads area.

    We may pursue some multi-group efforts in 2005, even if it's just social stuff.  It was great for Kelly from Microsoft to bring us all together for a few hours -- and for her sister to answer the last minute catering call!

    I also had a good chat with a WeProgram.Net regular (and user group connoisseur), Greg P.  On the West Coast, Greg ran a Delphi user group and he has a lot of experience with community building.  We discussed the challenges and rewards of being active in a local programming community -- and how such a small percentage of developers seem to invest time in the user group space.  It's a shame as it's a really underutilized resource in Hampton Roads.  I guess that's a call to action for us user group organizers, right?  We need to find better ways to reach out and get people involved.  Microsoft and INETA have built a good framework for our efforts, and Microsoft is more active in our area (with presentations etc) than ever before.

  • Post MSDN Event "Pub Club" Tuesday, Dec 14th in Newport News VA

    The story for next Tuesday keeps getting better.  We've already got the MSDN event starting at 1 PM at the Regal Cinemas in Newport News (near Kiln Creek), and now I learn that Geoff Snowman and Microsoft will be hosting a casual “pub club” after the formal presentations at 2nd Street Restaurant -- probably starting shortly after 5 PM.  Sounds like a great chance to get to know your fellow .Netters a little better (and since it is a social event, I'm thinking Brendan Tompkins might make an appearance).

    Here are directions to 2nd St in Newport News; I understand Microsoft will be ordering some snacks but not providing the beer -- you're responsible for that end of the bargain.  If I only would've saved my MSDN and INETA tequila from TechEd, this could've been the perfect chance to break it out!  Oh well, there's always next year . . .

    I'm looking forward to meeting up with some of you next week!

  • One step in the pursuit of fast executing .Net code

    We observed sluggish performance in some “proof of concept” code yesterday; I peeled back the layers of the onion to find what optimizations I could make.  Of course, measurement is a key to doing code optimization; it's how you quantify any progress you're making!  I've had success with the Win32 API for QueryPerformanceCounter (this Microsoft KB article breaks basic usage of QueryPerformanceCounter down succinctly); you could try something with System.DateTime, but the resolution isn't really there for accurate measurement unless you're working with really slow code.  If you're serious about analyzing the duration code takes to execute, I'd get comfortable with QueryPerformanceCounter and consider wrapping it into a quick CodeTimer class for ease of reuse.  Besides, you get to add those slick DllImports and Kernel32 calls to your code!

    This particular sluggish code was easy to tune: I replaced inline SQL with parameterized stored procs and, where appropriate, combined SQL statements together to minimize the calls to the database.  The result was much quicker and, incidentally, more secure and maintainable (stored procs are superior to inline sql in nearly every way!) -- the standard sort of thing you do when turning proof-of-concept code into something more production-ready.

    I should note that an optimization that didn't improve the performance was switching foreach(x in y) blocks with standard for(i=0;i<n;i++) syntax; many sources will include this optimization as a slightly quicker way to iterate over your collections.  In this case, the loop wasn't executed enough times to factor into the bigger picture.  Again, the only way I know this is because I had a quantifiable way to measure the duration of the executing code -- just eye-balling it or casually observing my human perception of code performance is completely inadequate for the task.

    This is just one tactic in the pursuit of fast executing .Net code.  There are numerous other (and often more significant!) steps to take, including hardware monitoring, network traffic analysis, garbage collection inspection (John Robbins from Wintellect first turned me on to this -- check out the Wintellect group blog for their latest insights), and many many more.  There are whole books on the subject, in fact.

    So, get comfortable with QueryPerformanceCounter to time your code, but don't rely on it exclusively for optimizing your applications.  Think of QueryPerformanceCounter as a screwdriver in the much bigger toolbox of improving .Net code perf -- it's a very useful tool but not the end-all-be-all of tools.

  • VA MSDN Events for December

    Microsoft's DCC Geoff Snowman just shared two free upcoming MSDN events for .Net developers:

    Newport News: http://msevents.microsoft.com/cui/EventDetail.aspx?culture=en-US&EventID=1032258622

     Chester: http://msevents.microsoft.com/cui/EventDetail.aspx?culture=en-US&EventID=1032258636

    They're both in mid December, so check them out if you can break free of your end-of-year work commitments and come out to learn about OO in .Net, MapPoint, and ASP.Net 1.1 and the upcoming 2.0 release.  I know Microsoft pays attention to turnout at these “secondary locations” -- we're hardly a Washington DC or New York City -- so if a good number of developers come out we'll likely see more events around here.

    I'll be staffing a WeProgram.Net user group table at the Newport News event; Susan or another representative from the Hampton Roads SQL Server User Group may be joining me.  Chester is closer to Richmond so I'm not sure what community involvement you'll see up there.

    <guilt target=“Brendan Tompkins“>I'm taking bets whether Brendan Tompkins will show at this event.  He's participated in all the WeProgram.Net fun events, like the cricket match and the bloggers dinner, but he hasn't attended any actual WeProgram.Net meetings.  This MSDN event could be a breakthrough for BT!</guilt>

    Hope to see you there!
