Latest Posts
I'm no longer blogging on this blog. Please find me here.
I've been busy lately and most of my friends in town think I'm a knucklehead. This is mostly because I'm carrying a crazy schedule. A small sample:
- I'm doing some F# stuff, both for public consumption and otherwise.
- I'm co-organizing WBUG, the Wisconsin BizTalk Users group with Nevin Goldstein of Fountainhead Consulting.
- I'm working on a piece of software for IronWake that we hope will become our flagship product (finally; more on this later; links to follow).
- I'm doing a bunch of behind the scenes hosting of a few different community efforts and other initiatives.
- I'm working on a research project that I believe will have an impact on the way search and browsing is done on the web (hopefully, I'll join Scott and make the web suck less).
But this post is about something else, too. I'm moving jjbresearch.org and a few other sites to a new hosting provider. I've been with Oochie for almost one year. They have been good to me and I highly recommend them. But I need bandwidth for these upcoming projects and given my needs, I can buy massive amounts from godaddy.com, m6.net and others. If you are looking for a good hosting provider, especially one that is responsive and trustworthy, I recommend Oochie. Scott has treated me well.
So now that I have said all of that, this blog is getting yanked down within the next 30 days. I'll be opening a new blog on the new jjbresearch.org (running CS2.0). My intention is to start from scratch, i.e. not include all of my old posts (no upgrade, clean install). I've spread a lot of propaganda in one short year. I hope to do more on the new site. I hope to do a redirect, but no guarantees. This old blog and its contents will be archived and go bye-bye.
Oh yeah and by the way, the labrary is not moving. Referred to as "The Cell" (and you know who you are), that room will likely notice no changes and nothing never.
I have heard throught the grapevine that the new ECMA CIL "standard" is about to be released. I use the word standard because I'm not sure of the right terminology.
I was able to get my hands on a copy of a few pages of the document through a friend of mine and it turns out that CIL will now support dynamic typing. My source has asked that I not reveal details, but I am allowed to say this: the Variant datatype is back and it is here to stay.
Evidently, there are a few difficulties to implement this in CIL, but the engineers involved had a breakthrough. I'm not privy to all of the details (I only have a few pages), but there was some feature that was discovered in generics that allowed for safe void pointers. My friend stated "We do dynamic loading; why not dynamic typing?"
I haven't been able to confirm this as of yet, but the feature appears to be so important, that the recent PR on the rescheduling of Vista was faked so that this feature could be included in the new operating system.
I just found out that Euclid's Fourteenth Book has been dicovered. I am so gled that the folks who authentiated this item spent well over a year to determine that it is genuine and chose today to announce the discovery. That is was found in Ireland puzzles me, but I guess that Euclid made the rounds by see in those days.
---
If you can't get the message out of this one, you are hopeless. ((and if you are supposed to be good at this sort of thing, consider this a taunt))
It must be something in the water. I have been evangelizing F# for some time and have had numerous invitations to speak around Milwaukee, WI and elsewhere in this region. Everyone that I speak to about F# "gets it". I have been having a lot of fun.
The good folks in the .NET Users Group in Rockford, IL (NETRUG; note that they are working on updating the web site; even though I'm not listed, I DID speak) were kind enough to invite me to speak at their March User's Group Meeting.
We had a fantastic meeting. The meeting took place on March 29th, 2006 and was located at a local business and we had the use of one of their conference rooms. Gerry and I arrived in Rockford, IL (from Milwaukee, WI) after an easy, 90 minute drive. About 10-12 people showed up. This post is a little late because I had written it and forgot to publish it (and a Rockford Users Group member emailed me to remind me; dude, where's our post?).
The part I like best about these meetings is hearing the issues of the local groups and how they manage those issues. In Appleton, WI, the toughest issue was trying to determine what topics to discuss in presentations in future meetings. Here the issue was organization and leadership. Leanne Fetter has done a great job getting this group together and they have a lot of great ideas. The group is working to solidify their leadership and roles so that the responsibilities are not placed on only one or two people. Many groups have these issues and it was great to hear open discussion in this group. Of course many other topics were discussed as well, but that the group was focused on leadership means that they are thinking about their durability and effectiveness as an organization.
After conversations on local group issues, I gave my F# presentation. Coming in to a new city, I usually don't know what to expect. The topic is not an easy topic, i.e. F# forces you to think in a number of different ways. I still find myself "context-switching" between C# and F# and "thinking in F#" only after a bit of effort. But the members of NETRUG picked up F# very quickly. As I walked through the presentation, there were a number of good questions and we covered a lot of depth. I try to engage each audience (in different cities) and hope that they respond. This audience responded. Given that the group size was 10-12, I could interact, on an almost individual basis, with each person. This provided for great tempo as well. This audience provided me with useful questions and commentary afterwards as well.
The Rockford .NET Users Group has solid membership and is growing. The group, like many others, is always looking for new members, speakers and leaders. If you are in the area, visit their site, attend the meetings or get involved.
I just arrived home from the FVNUG (Fox Valley .NET Users Group) meeting. I presented on F# (as usual). For a young group, i.e. this was only their second meeting, I thought they were well organized. I'm looking forward to visiting with them in the future, hopefully as a speaker, but definitely as an audience member. The meeting was more formal than those hosted by the WI .NET Users Group. One part that I really enjoyed was the "roundtable discussion". After I completed my presentation, I returned to my seat in the audience and the Chapter President, Chuck Goehler, opened the floor to questions about all things .NET. Any question was fair game and the idea was to get the group to talk about experiences in software development and in particular with applications in .NET. Because the group is new, a lot of topics were raised and those topics became future speaker topic items of interest.
I want to thank the group for their time. I also personally want to thank a few of the new officers of FVNUG:
- Chuck Goehler - President
- Christy Giblin - Director of Membership
- David Palfery - Director of Events
There were others to thank as well, but Chuck, Christy and David have started building a first-rate users group. If you are in the Fox Valley area, the group is looking for members and for leaders. I do know that they have a nine person board, for which only five positions have been filled. Visit FVNUG's web site if you are interested in either participating in these events, or are interested in becoming a board member. I can see this group growing quickly, so now is a good time to get in and make an impact.
Don't forget - Deeper in Dot Net is coming April 22, 2006. Space is limited, so register early . . .
Just a reminder that I'll be speaking at the the Fox Valley .NET Users Group tonight. I mentioned the details earlier here.
I'm leaving in an hour or so . . .
I'm speaking again on F#. On Wednesday, March 22nd, 2006 at 6:00pm, I'll be giving my F# presentation to the Fox Valley .NET Users Group. Please note that the venue is Fox Valley Technical College Room F108. The Fox Valley .NET Users Group is a new organization. This is their second meeting and I'm really glad that they have invited me to give this presentation.
I first gave this presentation on Feb 21, 2006 to the WI .NET Users Group. I have since polished it up a bit, after feedback from a number of people.
If you are in the area, stop in for the presentation and the roundtable discussion that follows as well.
Don't forget - Deeper in Dot Net is coming April 22, 2006. Space is limited, so register early . . .
I've been taking the time to improve my competence in a few key technologies. F# is one of those technologies. But I believe that the WinFX suite from Microsoft will provide considerable advantage in the future. To that extent, any resources that I can leverage in books, websites, etc. are really useful.
Joseph Cooney's newest site, LearnWPF.com (I previously linked it here) is really giving me a good dosage of WPF. In particular, his Can I create Aero Glass"-style windows under Windows XP in WPF? (with link to Unni's blog) and How do I create WPF graphics using the Expression Graphic Designer? saved me a few hours on issues that many early release products face: capability. Sometimes, just not knowing what a product can or cannot do in its early stages is important and the simple positioning of usage may not be apparent in CTP documentation.
Joseph's LearnWPF.com is a time saver for those, like me that are learning WPF. Anybody that saves time for me is worth a look . . .
There has been a lot of recent chatter regarding security and Mac OS X. Ed Moyle of Security Curve has an opinion that I've been following that I feel is on point. I live in Wisconsin, so when I saw this, I was naturally embarrassed. To be fair, the rm-my-mac competition was referenced and that contains a considerable amount of bias as well.
Let's lay the groundwork for the sensationalized headline that Mr. Moyle references. New Apple Hacking Contest Proves OS X Is "Very Secure" is the article written by Axxel (ok, he has a good moniker, so I like him for that) that PROVES in 11 paragraphs that Mac OS X is "very secure".
I've said time and again on this site, the scientific method should be applied to all studies. Let's see if we can't use Axxel's short essay to cover what we believe to be the state of affairs for an experiment:
- Hypothesis: The Apple Mac OS X operating system is secure. Dave Schroeder, a senior systems engineer at the University of Wisconsin, launched his contest Monday.
- Experiment Statement: For his challenge, Schroeder connected a PowerPC Mac mini to the Internet. The machine ran Mac OS X 10.4.5 with the latest security updates. The Mac had two local accounts, and Schroeder left both SHH and HTTP open.
- Experiment Tests: The mini garnered attention and lots of traffic, said Schroeder, who logged 4,000 attempts. The machine weathered two DoS attacks, various Web exploit scripts, SSH dictionary attacks, and untold probes by scanning tools, he added.
- Analysis: There were no successful access attempts of any kind during the 38 hour duration of the test.
- Conclusion: OS X Is "Very Secure"
Since I'm quoting from the article for each of these areas, I'll try to provide a bit of a backgrounder. Apple's Mac OS X operating system may indeed be "very secure". But one does not boast for a status of "very secure" after one 38 hour test. There are a number of statistics concepts that can be applied here. I'll name none of them and instead mention a few qualitative ideas. 1) Does everyone in the world with "hacking" experience on Mac OS X that could "break OS X" speak English so that they could be made aware of this "test"?, 2) Is everyone who has the hacking skills for this "test" aware of the test? 3) If I'm a hacker, do I want to play on a public honeypot? 4) If I'm a hacker and do have a 0day exploit, is this the place to make that known? 5) Was every hacker that was capable of penetration for this test at their keyboard ready for this challenge with no other day job, no other commitments, not on vacation, etc.? 6) If I'm the hacker with knowledge of a vulnerability, are there ways to capitalize (think criminals and money) on my work in a more fulfilling way?
Good thing that there is no bias in this test. Data must support the conclusion. Could someone please step up and tell me how many exploit attempts per day occur on the internet? Is 4000 attempts over 38 hours a reasonable sample? Are each of the 4000 attempts independent observations?
I wonder how the crypto community would feel if a new cipher were introduced and certified as "very secure" on some web site after 38 hours of open competition (i.e. all of the best cryptographers in the world weren't directly invited to participate; assuming that they would want to particpate) to determine its strength.
Did everyone believe that Fermat's Last Theorem was "true" and just accepted it as true because no one had found a counter-example?
The work to move from the above analysis to conclusion is essentially "no counter-example was found". The conclusion is dangerous given the data. The pragmatic or practical perspective I'd state is:
- If it is in the wild, it is fair game. In other words, tests like this prove nothing. At the end of the day, vulnerabilities exist. To find them may be difficult, but to declare a platform "very secure" under the above conditions is irresponsible.
It is difficult to separate the zealots and the hype in these stories. Look past those distractions to sensible practices and common sense. Security Curve Weblog and other links on my blogroll are a good place to start for some day-to-day reading on security topics.
By the way, Mr. Moyle and Diana Kelley have a recent book, Cryptographic Libraries for Developers, that looks like a good piece of work. Given their opinions, this book is one of my must-reads and I'll be ordering it shortly.
Tonight, Dave Bost will be speaking on VSTS and features in Unit Testing and Code Analysis at the WI .NET Users Group meeting. As usual, this is the second Tuesday of the month meeting, scheduled at 7:00-9:00pm. The usual free pizza and soda will be served.
I'll be there . . .
It is that time of the year again. Ok, for me, this is a first time event, but it has taken place in the past. The WI .NET Users Group's Deeper in .NET 2006 is in it's fourth year and this year seems to be bigger and better than ever.
This FREE event takes place at the Milwaukee Hyatt Regency Hotel on April 22nd, 2006. It starts at 7:00am on Saturday morning (dude, are you kidding? like I won't be out that Friday night before or anything?) and runs all day. At the end of the event, around 5:45pm, there will be lots and lots of prizes given away (I know for certain that the number is approaching $20,000 in total prizes; you must be present to receive prizes).
As a member of the Executive Committee for the WI .NET Users Group, I'm really excited to see the progress in the development of this year's event. WI .NET Users Group president Scott Isaacs (the one on the left) talks about the event further in Deeper in .NET 2006!.
Our speaker list is first-rate:
Read more here. Don't forget to register (required for attendance). Oh yeah, it's party time in the Brew City. See you there.
So its a good night in teh Labrary. I've been getting some F# stuff done. I've been spending time doing a few things on a number of technologies and F# has been at the center of many of those activities.
Anyways, C++ and Compact Framework Guru Travis Feirtag (founder of Feirtech, Inc.) has been busy as well. He's a total maniac with the Compact Framework. I've seen him do some very cool things. Between him and the lower cased one, I look like a total amateur on this stuff. So in a quick conversation with him today, I found out about a project that he's been working to complete. The article that is the result of his work is Drawing and Filling Bezier Curves using the Compact Framework v2. Ebidently, Bezier curves didn't make it into GDI+ on CFv2. So Travis decided, among other things, to do a quick implementation of this stuff. My personal favorite of the renderings (yeah, he included pictures for people like me; dude, that is not the MSN butterfly; there is source code, too) is the last one because it reminds me of my early childhood and some of the art that I made. I was making Bezier curves at a young age and didn't even know it.
Read the article here . . .
---
Stego dogs wear keychains under a visible moon.
All of that there data at JJB Research that I work on - would be delivered in three minutes on this purple monster. I guess I had better place an order for two.
The Armed Geometer is
at it again. Ummmmmmmmmmm, this should be on
LtU.
With the release of a new version of .NET 2.0 in November, 2005, the question can be raised, What new security features and what new security holes have been introduced? Let's focus on new features. .NET Security Blog, run by Shawn Farkas, is one of my must read blogs on security and his coverage is spot on.
In a recent post, Enveloped PKCS #7 Signatures, Shawn covers the the implementation and usage of PKCS #7 messages, now as a feature of .NET 2.0. Take some time to read that post as the coverage there is good and there is little in the way of detail that I can add.
I do think that there is one important consideration that was left unmentioned. If during applications development, there is a requirement for the usage of PKCS #7 from within .NET, there previously were really only a few alternatives:
- Write a custom implementation.
- Perform calls into CAPI.
- Use some other library like Bouncy Castle.
- Some other alternative I haven't considered.
This changes the landscape for hardening of PKCS #7 messages in .NET. Those that choose to implement using these new features in .NET 2.0 will put themselves under the umbrella of that code. The upside is that implementations in applications are more concise and are based on standard .NET classes. This means that while the overall responsibility of security of an application that implements PKCS #7 does not change in requirements, the amount of code that is needed is less, i.e. less application code to harden. Additionally, this also means that the responsibility of fitness and hardening of these classes lays on the shoulders of the .NET security teams. Their code will be "put to the test" in the field. For hardening, the greater the number of instances in the field, the greater the likelihood that if weaknesses are to be found, those that engage in "breaking activities" will find them. Given the track record of security teams at Microsoft, I'm comfortable knowing that this both simplifies any application work and provides for a better, stronger code base over time.
Nice post and good work by the Microsoft security teams.
The other day, I mentioned that the Labrary went quiet. All servers and workstations were shutdown, or as one of my friends would say, optionsScalper=shutdown. Without my toys, I am nothing. I am defined solely by the CPU time across these machines. NOT.
Well, suffice it to say, that later that evening, optionsScalper=up. Everything restarted and I have a few more development boxes and other stuff running. Ahhhhhhhhhhhhhhhh.
BTW, the Labrary, now without the presence of a few dual Xeon rackmount servers, is significantly quieter and no longer running has a room temperature 88+ degrees F (31+ C). Note that in the cold Wisconsin winter, opening the Labrary window provided for virtually no relief in temperatures in the presence of those servers.
Back at it . . .
I'm finally back to having some free time for myself. Last weekend (yesterday and the day before yesterday) were fun days, but I was connected to my computers for most of the time. I had a choice to disconnect or do some other connected work and I chose the latter. I'm actually glad that I did, because now my docket is clear.
I recently moved to a new place and put much of my stuff in storage in the basement until I could find time to bring it out. I can now start unpacking that stuff and put it to work. Chad (the sensor man) gave me a NEC MultiSync XE21 monitor to use (actually to keep, he doesn't want it anymore). I had hesitated to bring out the "big guns", i.e. my larger flat panels, but now is the time. I'm also bringing up a few more servers, so if you hear a humming in my neighborhood, just ignore it and assume that there is considerable data munching behind these doors. I'd recommend you keep a safe perimeter of 50 yards or more so that you don't lose a limb with all of the activity. Seriously, I've spent the last four months on three machines and feel completely useless. It will be nice to get more of this stuff back in action. I need to get back to running some serious projects and have been itching to do so.
The Labrary is about to get "lit up" with dual 24" Samsung 243T's on workstation one and a single HP f2304 on workstation two. Of course, workstation one is the machine with dual pan-and-tilt cameras, dual Saitek joysticks, a Nostromo SpeedPad N52 and various other USB devices that will overload that monster.
My internet machine has one 13" Amdek amber monitor for my viewing pleasure.
After this silly shuffle, perhaps I can get back to yelling at the world a bit and even talking about something more interesting.
Since Jason Haley always links everyone else, and his blog (and site) got a great new facelift, I thought that I'd link him for once as an "Interesting Find". My only comments are 1) The view of the shoreline reminds me of how great the Boston area harbor and surrounding areas are and 2) I'd never look that good in a tux.
The new place looks great . . .
F# 1.1.10.2 was released by the F# Team at MSR. While there are a few minor changes in the language, the biggest change is the fsi - the F# interactive environment. It is now integrated into VS2005. While this integration may seem trivial, it represents a step forward for the F# environment and a move toward a competitive posture with other mathematics/scientific computing environments. The Visual F# Interactive session is global to the instance of VS2005, so interactivity with other F# code in the VS session is leveraged nicely.
One important note that is useful is this: the vfsi environment uses Alt-Enter and Alt-' (single quote) for evaluation of any selected text or a line. While this is useful within the VS2005 environment, make certain that if you are using this within a Virtual PC session, that you use the "left" side ALT key as the "right" side ALT key, when combined with the Enter key is the "toggle full screen mode" for VPC.
Get the download. Read more on Dr. Syme's post.
[Updated to add]
Please also note that the F# web site has now moved. The new location is http://research.microsoft.com/fsharp/fsharp.aspx.
Joseph Cooney, a member of the infamous Cooney clan that includes Dominic and Patrick, has just released LearnWPF.com. Joseph, while not a "member of the big house", has a history that includes propaganda with opinions on OO.
All joking aside, the Learn WPF site looks like it will be a good place for WPF/Avalon/XAML reference. While it appears that it just opened a few days ago, there are alreadly posts on getting started with WPF (with a list of requirements and guidelines) and an example in XAML that demonstrates form region resizing. There is also a book review of the Sells & Griffiths WPF book. One of the subtitles of the site is "Goodbye battleship-grey". There exists no grey on this site. Nice.
Give it a visit . . .
[via Dominic's Weblog]
I've completed my presentation for Wisconsin INETA on F#. I was able to leave the room with very few bumps and bruises. Seriously, what a great time it was. I haven't spoken in public in some time and I had a lot of fun. The crowd was fantastic and I'll say this: Everyone in the room "got" it. F# is a fun language and has a number of great uses. I touched on one very simple application using F#. Lists, Tuples, Type Inferencing, etc. were discussed.
You can find the presentation PowerPoint here. Please note that the code for this presentation will follow at a later date. The demonstration was to show "how" to construct a Sharpe Ratio and I hope have a post up a working example (that runs against publicly available data) in the near future. Given the time constraints (2 hours), it would be impossible to cover all of the material, so I wanted to make certain that people were left with a bit of understanding of both F# and Quantitative Finance (in a non quant-professional setting, i.e. for .NET developers).
More importantly, and don't tell anyone you saw these, but rumor has it that there are pictures of me in action here (with the first one here; as this stack will obviously have other eventual photos). Thanks Matt. Given The Liz's observations that I ought to "hit the gym more", I find no evidence of that in these photos. Ironic that in Matt's Flickr stack, I follow photos of "Tuscan-Style Garlic-Rosemary Roast Pork Loin".
----
Contact me here with further questions.
I announced that I'm speaking at Wisconsin INETA for February earlier here. I personally invite everyone that visits this blog to attend.
My topic, as listed on the Wisconsin INETA site, will be An Introduction to F#. The official long title (after a revision or two) is F# - An Introduction Under an Application of Quantitative Finance. As this is my first speaking engagement in a few years, I'm really focused on delivering a clear and fun presentation (no duh?!?). the lower cased one mentioned that he'll keep me in my place if I get out of line with the math. I promise that of all of the slides, there is only one that has funky math symbology and there is a warning on the previous slide for those that don't want to blind.
I need to acknowledge two people for early reviews of and comments on my presentation. Dr. Don Syme, F# Team Lead and Language Designer/Architect, provided early feedback that was useful. Matt Terski also provided an early sanity check of the presentation. A big thank you to both of you. Any revisions since our discussions and errors that result are obviously my own.
If the above is not enough to get you out of the house in this cold Wisconsin winter, let me remind everyone that there will be free pizza and soda served and prizes (books, gift certificates, etc.), compliments of SysLogic, Inc., Apress and JJB Research. I personally thank Patty Pritchard Thompson of SysLogic and James Huddleston of Apress for their generosity.
If you have no time for fun lately, make some time. I'm on a few thingies with projects that finally allow me to breathe. Which explains this next tidbit. Try this link:
spray paint graffiti on optionsScalper's blog
Upon inspection of that above URL, you likely can figure out how to aim that graffiti at any other mortal enemies.
Back to work . . .