The finalists for the Connected Systems Developer Competition have been announced. You can see them at http://csdevcompetition.com. Congratulations to all of the finalists. I know that I reviewed a lot of really good ideas. While I didn't reveiw all of the finalist entries I was fortunate enought to review the SQLCLR Z-Machine entry. I really liked it because it brought back memories of a project we did in college. The assignment was to get in a group and write a word processor to show not only text input, spell checking, formatting, etc. but that we could work together as a team and do project management. As a team we decided that a word processor was boring and proposed to create a text based game that had all the same functionality. The game we produced wasn't as polished as the SQLCLR Z-Machine but it was a lot of fun to make and I learned a lot about working in groups and some of the problems and advantages that groups can give a project.

I got in to work Monday and had an e-mail that said it was from our corporate IT and that my password had been changed as part of the weekend maintenance. I don't know what made me do it but I opened the attached .zip file to see what I needed to do to get into the affected systems. When WinZip opened it showed an empty file. I thought that was strange and just closed WinZip and went on with putting a CD into the drive to install some software that I needed. A few seconds later the "run as" dialog popped up telling me that I didn't have administrator rights and asking what user to install the software as. I assumed this was from the CD I had inserted and closed that dialog as I was already running "MakeMeAdmin" to install the sofware in my user account. It wasn't until I read the next e-mail that things started to fall into place. The e-mail was also from our corporate IT department and said that the previous e-mail and another one with a different subject and text were spoffed to come from them but really were a result of the MyTob virus. I checked and the CD did not have an autorun that tried to install software so the dialog box was caused by the virus trying to install. So the lessons that I should have learned over 15 years ago when I picked up my first computer virus are:

1. Don't run as administrator. I am currently doing this and it has helped me to avoid this virus by asking me who to install as. If I had not just put a CD in the drive it would have been very obvious that something was wrong when the message popped up.
2. Keep up to date on patches. According to the virus detection/removal tool that I ran I need 2 patches from Microsoft to avoid being infected by MyTob. I had both installed thanks to Windows Update.
3. Never trust e-mail. Back in college I had a project to write an e-mail client. As part of that I learned the SMTP protocol and would regularly send e-mails with a return address of the.monster@under.your.bed (sorry if you got one of those). I should have thought that the e-mail telling me that my password has been changed was in a system that I used the supposedly changed password to access and therefore spoofed but I didn't.
4. Don't ever open e-mail attachments. Well never can be a problem if you are expecting a word document but you should at least attempt to verify attachments. I was reading the e-mail through the web mail interface. Outlook would have flagged the attachment as having some other extension (probably .exe, .scr, or .cmd) past the .zip and would have warned me.

As I said at the begining of this post, this all happened on Monday. I intended to blog about it Monday night but got busy with some last minute details for the Connected Systems Developer Competition and getting ready for a customer meeting on Tuesday I didn't get around to blogging it but thought I would do it first thing Tuesday morning. Very early Tuesday morning I woke up with the flu. Somewhere in the wee hours of the morning in the delerium caused by the fever I found myself thinking it would be nice if I could run my body in non-administrator mode. That way when I got a virus from somewhere else I could just click on the cancel button and not have it infect me. Of course that is not possible, but it would have saved me two days of laying in bed feeling miserable.

I just read the first of what will undoubtably be a long string of articles looking at the 20 year history of Windows. You can read it for yourself here. It brought back some fond and not so fond memories of my computing experience. I didn't use Windows until 3.0 but when they talk about it being slow and buggy I can remember thinking the same thing. I kept reading on with the next link until I had finished reading the interview with Bill Gates.

For a long time now I have been running the beta version of Microsoft Anti-Spyware. I also religiously update my system, run as a non-administrator, and in general try to make sure I am protected from all sorts of malware. I had noticed for a while that I was not getting popups from Microsoft Anti-Spyware about the settings in my hosts file or showing the first web site in my approved cookies list and all the other annoying little messages that used to pop up when I booted up my system. I assumed it was due to an update to the program since I regularly got those or becuase I had checked the "report to spynet" (or whatever it said) message enough times for the software to realize that the "community" thought it was a good idea to allow my particular settings. I have also seen the results of a scan on my home computer many times. I was very surprised when I made an update to my hosts file and didn't get a message asking me to approve the change. When I went to check the program wasn't running. When I tried to run it manually I got a message that my version of Anti-Spyware had expired on July 31. I had never noticed that the icon wasn't on the tray because I have Windows set up to hide inactive icons and I never really clicked on it to make it an active one.

So now I have downloaded a new copy and I will have to run a scan with it and also with AdAware to see if I have picked up something bad in the month and a half that I didn't notice that I was unprotected. I guess I will have to add anti spyware to the list of tasks that I am proactive about instead of just relying on the "automatic" protection.

Let me start off by saying that I don't have anything against OSS per se, I certainly spend a lot of my time contributing to the community through user groups, presentations, articles, and (hopefully) this blog, but as a person who gets paid to develop software I worry about the market deciding that they will only use OSS and I will have to find a new way to feed my family. The success of Red Hat as a company has certainly caused me some worry. When I see articles like the one here on Slashdot that says a successful OSS project has decided to close its source to keep its competitors from taking the code, repackaging it, and reselling it, it gives me hope that I will still have a job long into the future.

I think there is defenitly a place for both closed and open source development in our world. It just may take a while longer to figure out what people are passionate enough to work on for free and what things take some money to make them worth developing. From the article it seems that this particular product hasn't had a lot of community development for a while. I am curious if most OSS projects, like TV shows and on-line games, follow a pattern of a lot of activity and energy at first to get the "fun" stuff done. Later, issues of maintenance and boring features come up and people start to go off in search of something more fun and fulfilling to do until only the truly devoted people and those who still have some motivation (make money, kill competition, promised to do something and can't figure a good way to back out, etc.) are left around? I don't have any evidence either way on this, just a question I thought of.

In case you missed it, Google and Sun announced a partnership today. You can read an article at http://www.msnbc.msn.com/id/9581591/. Although the official announcement just covered including the Google toolbar as part of the Java download there is a lot of speculation about Google distributing OpenOffice. What is not mentioned in the article is that if Google does start supporting OpenOffice there will probably be a lot more people take a look at it. Although I doubt that there will be any major uptake in usage at the corporate world I think a lot of users including my parents might use if if it were very easy to use and relatively inexpensive. Of course there is also the changed UI in Office "12" that will require a new way of thinking that might make people flock to OpenOffice if it maintains the familiar menu structure.

I think the real danger for Microsoft Office is that most people don't use even a small part of the Office Suite. (I remember one of the presenters at PDC saying that over half of the requests for new features in Office are for things that are already there. People just don't know how to find them.) I mean how many people really write complicated macros or try to figure out all of the formatting options. For most people just being able to change the font, text size, bold, italics, and underline will meet their needs. If people get used to OpenOffice at home it will only be a little while before they start wanting to use it in the office. Once businesses start moving off of Office in large numbers Office could be in trouble. WordPerfect had the word processing market in hand but didn't move to Windows fast enough and they also didn't have an integrated suite for a long time. Any kind of misstep by Microsoft could mean that Office could suffer the same fate.

Whether Google starts to distribute OpenOffice and whether Microsoft will respond are both topics of conjecture but one thing is for sure. If there is competition in any area, especially around one of the "cash cows" for Microsoft they have historically responded with lots of money and developers. Any time Microsoft feels threatened by competition they do incredible things to make sure that they stay on top and we as consumers will benefit from new features.

I spent a lot of my time at PDC meeting with different people in meetings that were covered by a Non-Disclosure Agreement (NDA). The various parties in the meeting kept reminding us how seriously they take the NDAs but there is always the chance that something will leak out. Now there might be a partial technology solution. It seems some researchers have found a way to block digital cameras. That might help with some problems but won't stop others like where someone (in this case a Microsoft employee) makes a public announcement about a "product" that I later learned under NDA was still being thought about and was not to be publicly discussed.

You can read the article on the digital camera/camcorder blocker at http://news.com.com/Crave+privacy+New+tech+knocks+out+digital+cameras/2100-7337_3-5869832.html?tag=nefd.lede

The PDC ended yesterday but true to form I didn't blog the sessions last night but insead am doing it a day late. I heard that an article I wrote on the "language wars" was posted on Comnet at http://commnet.microsoftpdc.com/pdcreflections.aspx. I am not sure if you had to register to see this article or not. I will check that out and post it here later if there is a problem getting to it. I only took notes on 1 session that I attended so here they are:

DAT408-ADO.NET: Advanced Data Access Patterns
Getting data wiht a DataReader is fast, going back to the server is slower but UpdateBatchSize helps. If the provider supports it parameters will be sent in an array.
Going from the client to the server - Bulk insert to a temporary table then use DML to move the rose (one statement/type) and do it all in a single transaction.
Grouping lots of data operations in a transaction can be faster because there will be less writing of the transaction log to the disk.
Must load data into a DataTable to do batch updating.
For BulkCopy to go fast the database needs to be in simple or bulk-logged recovery mode. Tempdb is already in simple mode.
To speed it up further you can implement a custom data reader to read the data and stream it rather than reading into a DataTable (DataTable puts all rows in memory at once).
Use SqlDependency to notify of changes to the data and invalidate the cache. Use a DataSet to store the data in cache and invalidate the DataTables as needed.
SqlDependency doesn't have any granualarity control so to make it more efficient load data in chunks, when a cache miss occurs. On a notification, just delete the chunk so the rest of the chunks in the cache aren't invalidated. In the callback for the notification delete the rows from the DataTable.
If you use a DataSet for a cache you wll need to query the data in it. Joins are missing. You get the ability to filter rows now.
To create an "index" on a datatable call select for a temporary one or create a DataView for a permanent "index".
Pablo will post the code to do joins in a DataSet to the blog at blogs.msdn.com/dataaccess.

It was a fun week at PDC. I really enjoyed being there to hear about all the new technologies. I got enough DVDs to keep me busy for a long time looking at new stuff. The only real bummer was that sometime Friday afternoon I lost my cell phone. The security guys at the convention center found it and are supposed to be sending it to me but for a few days I will be without it.