Scary CodeProject Discovery

One of my favorite websites is CodeProject. It’s got all sorts of great code examples, tutorials and explanations for pretty much any topic. As I was perusing their Top Ranked Articles today, I discovered something very scary.

Of the top-20 articles, 2 of them are ones that only a spyware writer would want to read:
Three Ways To Inject Code Into Another Process
API Hooking Revealed

I’m pretty saddened by this. It means there are a lot of programmers out there writing software to steal your keystrokes. Scary! There certainly are a few legitimate reasons to inject code into foreign processes, but there is no doubt in my mind that thievery is the most common…

Dlink 524 vs Linksys WRT54G Review

I’ve been running a DLink DI-524 wireless router at home for the past year or so. I’ve liked it, but I’ve had connectivity “glitches” – dropped connections, short delays when computers come onto the network, etc. Further, the wireless shared-key mode never worked, which wasn’t a huge problem, but definitely undesirable, as it forced me to use cable drops when I hadn’t intended to originally. Fortunately, my home is already wired. Reading reviews online reveals that lots of other people have similar problems with the DI-524.

I finally decided to get a Linksys WRT54G router. I bought it for $49.99 at Fry’s. Wow. What a difference! Immediately, I’ve noted a speedup of download performance (anecdotal). A link testing program that I used to run and have consistent connectivity failures with now never fails at all. It’s clearly better right out of the box.

Setup of the Linksys was easy – I was back up and running in less than 5 minutes of downtime. The user interface on the Linksys is good, although the submenus are hard to discover at times. On the administration front, the DLink does a better job of logging dropped packets and such, which the Linksys doesn’t do at all, but it’s not a feature I really use much. I also thought the DLink had a slightly better UI for configuring access filters and such. The functionality is available on both routers, but easier for novices on the DLink.

But who cares about minor UI differences? The reliability of the router is what is key, and it’s a feature which the Linksys has and the DLink does not.

Now I just have to decide if I can overcome my conscience and sell the DI-524 to some hapless soul via eBay! (let me know if you want it!)

Windows Live Image Search Rocks

You may have read some of the many announcements about the latest Windows Live Beta that went out today. There is a lot of good stuff in there, and I can’t possibly mention it all. But there is one new feature which I really find innovative, functional, and just plain better than anything else out there.

That is the new Image Search. Try this search for our fearless leader.

Now, pull the scrollbar a bit. See that?! Whoa! That is AJAX at work. No more next-next-next navigation taking forever. Just tap the mouse and keep browsing until you find what you are looking for! That rocks!

On the room-for-improvement side, the beta still has a few shortcomings. In particular, I think the AJAX usage is almost gratuitous – sometimes being used maybe more for its techie-cool-factor than for actual functionality. I’ve found that bookmarking pages is difficult at best, and sometimes pages render slowly. There could be a whole bunch of reasons for this, so I’ll defer to the Live.Com guys to sort that out – but there is no doubt that this image search is better than anything else I’ve seen.

ClickOnce may as well be ClickNever

A few weeks ago I raved about VS2005. One of the things I really liked about it was the ClickOnce deployment. ClickOnce is the ability to “publish” your software to the net and support auto-update all through a simple build step in VS2005. It’s very slick!

Alas, today I ran into a fatal flaw for ClickOnce – it doesn’t work for Firefox. Several small companies I know that were excited about ClickOnce have all backed off their initial enthusiasm, with this bug being a major reason why. Unfortunately, not supporting Firefox in this day and age just isn’t acceptable. If you are building tools for ISVs, you know that you can’t just “not work” for some segment of your population.

Hence, ClickOnce is relegated to an IT-only tool, where it can be used for internal deployments at companies that don’t allow Firefox.

The good news, if there is any, is that the Microsoft team is well aware and promises that they are working on a fix. But I can’t say I’m not really disappointed in this.

More information can be found from Microsoft Developer Saurabh Pant, and Scott Hanselman.

Firefox – Not as safe as you may think

Building browsers is hard to do. There are a lot of features in there for attackers to exploit. IE has certainly had its share. As Firefox’s popularity increases, it is getting more of them too.

If you’ve got Firefox 1.5, it contains some serious security regressions. You may want to upgrade to 1.5.0.1.

I think the most interesting question is – how will Open Source projects like Firefox adapt to avoid security regressions like these? For as much as people gripe about Microsoft’s security (myself included), I have to admit that Microsoft is doing more than any company on the planet to prevent security problems. Here are some things that you get from Microsoft that Open Source will have a tough time beating:
1) All released software goes through a mandatory security review process. Does this slow down the process of shipping software? Yeah. We’re trying to fix that part. But this does catch real issues.
2) Every developer at Microsoft goes to security training. You can argue that this is a bit lame, but does every open-source developer do this? If nothing else, it brings security to the forefront of everyone’s mind.
3) When security flaws occur, software can be updated via Microsoft Update. IT managers can use SMS/WSUS to be notified of patches instantly, get details on the risk, and apply them to their desktops within hours.

The 3rd bullet sounds simple, but actually represents a massive undertaking. When will any open source project be able to track all their customers via a service, and proactively send them updates and allow IT managers to selectively roll out to their fleet?

Hopefully we can solve this problem for both commercial and open-source software.

Microsoft Money

I’ve been using Quicken for years. I’m currently running a very old copy – version 2001. It worked pretty well until they cut off their service entirely earlier this year, and it now throws warnings all over the place. I looked into upgrading, but the $80 price tag combined with mediocre online reviews and potential loss of QIF import scared me away.

There are a couple of big things I look for in my checkbook program:
– Ease/Flexibility of data input. I need to be able to periodically import data from investment accounts, but mostly I manually input. So while I need the QIF import feature, mostly I need quick type-aheads.
– Great reporting
– Good investment tracking. I really like my instant quotes, and I’ve been living without them for far too long.

And of course, I’ve been pretty annoyed with Quicken’s move into the online space. Their product just got bogged down, and lost a lot of its snappiness and trustworthiness.

So, while standing at Best Buy last week looking to buy my Tax software (I bought TaxCut for the 3rd year in a row – $10 cheaper than TurboTax), I found myself drooling over a new financial program. I decided I needed the “premium” version of Quicken – to get the online quotes. Amazingly, the packaging and feature breakdowns with Microsoft Money were nearly identical. And since I work for Microsoft, I decided to get that one instead.

Today I finally got a chance to try it, and I have to say, it’s really great so far. It imported all my Quicken data with almost no trouble. (It did lose a couple of minor categories). But the investment tracking is far more accurate – it immediately pointed out a few accounting errors I had, and I was able to fix them after getting acquainted with the new layouts and terminology. I was also impressed that it auto-detected several of my recurring payments, and figured out a rudimentary monthly budget for me. On more careful glance, though, I did discover it wasn’t very smart about it and sometimes misses payments.

The online integration seems a lot smoother than Quicken’s was too. Maybe it’s just 5 years of product updates, but they managed to make the interface pretty clean. I do actually trust Microsoft to respect my privacy a bit more than Intuit as well. The one big annoyance was a flash-based Geico ad in the middle of the Investments page, but I think I’ll just not use that page very often.

Anyway, if you are like me and tired of Quicken, it might be worth trying Microsoft Money. The Premium version retails for about $75, but it has a $40 mail-in rebate. That is almost exactly the same price as Quicken’s equivalent version. So far, I like it.

Visual Studio 2005!!

I finally bought myself a copy of Microsoft Visual Studio 2005. I’ve been very excited to get the updated version (I was running Visual Studio 2003) because it’s chock full of great new features. In particular I am excited to try out the auto-update that is built in as well as the refactoring features.

Alas, my install will have to wait, as I just received the error message, “You must install Microsoft Office 2003 in order to proceed.” Huh? The development environment is now dependent on Office being installed? Ack! I guess most folks installing VS2005 have a universal subscription, so this isn’t an issue. And it does tell you this on the box, but I still didn’t expect it and was too dumb to read. You know, I really do like Microsoft software… That is why I was so excited to install. But these interdependencies sometimes just don’t make sense. When it works, it works great. But it sure would be a lot better if it were lean-and-mean too.

I’ve been perfectly happy without Office on my system for the last two years using OpenOffice. I never upgraded to the latest versions of OpenOffice, and from what I hear, it’s improved quite a lot. And, I’m still grumpy about not having a free version of Office available for home users.

Oh well, I’ll get over it. I’ll go buy Office 2003 now because I want my VS2005 that badly. More to come!

Backup your Backups

Popular blogs today are reporting that your CD-R backups of your photos and precious data may have a lifespan of only 2 to 5 years. Ack!

There is probably some truth to the story. It certainly wouldn’t surprise me if CD lifespans are shorter than we think. But what bugs me is that there is absolutely no data provided in the article. How about some tests? Did they use different types of CDs? Different types of CD writers? Did they store the CDs differently? Did they use the CDs frequently for reading? Who knows. They provided no data. Wouldn’t a responsible journalist at least provide a few crumbs of facts?

I know first hand that I have some CDs I’ve burned which I’ve used for more than 2 years. In fact, I regularly play a CD in my car that is dated 2001.

It’s probably all just dramatized yellow journalism. Or maybe we need to make backups of our backups. I haven’t done any studies, so don’t take my word for it!

Structured Blogging, Microformats, and XML

I’ve been paying attention to “building blocks of XML” as a mechanism of standardizing data formats for a while. XML certainly is the tool which is supposed to be able to solve this. And in a few isolated spots it has worked. But for the most part, applications still don’t share a lot of data types for a lot of reasons.

A group called StructuredBlogging has some interesting ideas around doing this within blogs. They have an interesting demo for MovableType or WordPress. They are also supporting the notion of Microformats.

Microformats is brought to us by a group of folks from Technorati and other places. It’s an interesting concept. They basically claim that XML formats will never get used much due to the fact that you have to build a whole slew of tools to actually make it usable by any large audience. So, instead, they’ve reverted back to using XHTML, which is a form of XML, and then using conventions for how to describe objects. This has the advantage that microformat objects are instantly usable on basically everyone’s desktop – because they work well in the browser and can be manipulated using JavaScript and stylesheets. More interesting is how well they work with AJAX, because AJAX is already a client->server interaction of HTML.

It’s a bit of a kludge, though, because it is shoehorning in XML data types into HTML which wasn’t really intended for it. It makes the syntax a bit obscure, and you lose namespaces and need to be a lot more careful about what XHTML class attributes you use. But, if it gets past the adoption problems of XML, those are minor issues.

Worth reading about if you are interested in this kind of stuff…. I do wonder if the real issue is that too many businesses think they don’t want to share data types at all… (Look what happened with Oodle/Craigslist when they shared data via RSS) I hope that is not really the case.

Finally, if you are interested in this, definitely read what Tim Bray has to say about inventing XML languages.