While I won't be able to attend myself (since I will be at TechEd in Spain at the time), the Seattle Code Camp is set to take place November 17th and 18th in Redmond. Anyone interested in presenting or attending (it's free!) can go to seattle.codecamp.us for more information and to get signed up.

Code Camp is a new type of community event where developers talk with—and learn from—fellow developers. All are welcome to attend and speak.

Code Camps are (1) by and for the developer community; (2) always free; (3) community developed material; (4) no fluff – only code; (5) community ownership; and (6) never occur during working hours.

Recently I have been working on writing a set of practices for taking the IT Help Desk to the next level. Well, actually it's about fixing what's broken and reworking the people, processes and technology components in order to be a great, service-oriented help desk with happy customers and happy, motivated employees. And yes, it is possible to have it all.

At any rate, I read this blog entry by Tim Heuer recently, and it illustrates well the common problem with IT support processes. Read and weep.

When you read something like that and both laugh and cringe (mostly cringe in my case), it makes you think.

ITIL, COBIT, and everything else standards-based aside, there's a whole slew of internal motivations and behaviors common to IT organizations and customers, yet not really addressed by standards, that can make or break the success of your service desk and organization. Having processes and checklists in place is great, but what makes for a really great IT organization? What makes someone a great help desk customer?

You never get perfect (on either side of the desk). But you can run a practice that is measurably successful and does more than maintain status quo (not always a good thing, by the way) and just get the job done.

What are some of your help desk stories, good or bad? What have you seen that works? For all that is decent and tactful, please don't disclose your employers, any people or specific teams here (or they'll be deleted). But some illustrations would be great. Just be nice. :)

Adam Shostack of Microsoft takes a critical look at threat modeling and changes to TM processes in a short series of posts on the MSDN Security Development Lifecycle (SDL) blog. It's a good read, especially when aligned with Larry Osterman's recent writings (which I mentioned recently) and those of others. If you're not a reader of the SDL blog and you're a security person or developer, I recommend it highly, by the way.

"In this first post of a series on threat modeling, I’m going to talk a lot about problems we had in the past. In the next posts, I’ll talk about what the process looks like today, and why we’ve made the changes we’ve made. I want to be really clear that I’m not critiquing the people who have been threat modeling, or their work. A lot of people have put a tremendous amount of work in, and gotten some good results. There are all sorts of issues that our customers will never experience because of that work. I am critiquing the processes, saying we can do better, in places we are doing better, and I intend to ensure we continue to do better."

Here's quick links to the blog articles by Adam. Those interested in secure development need to know and use a threat modeling process, and a critical view of said processes is important, so it's good to see this healthy example:

• The Trouble with Threat Modeling
• The New Threat Modeling Process
• Getting into the Flow With Threat Modeling

(also via Michael Howard's blog, which is a must-read security resource, too)

Okay, who wants to add me for Halo 3 fun? My XBox Live gamertag is gergin8or. I'm pretty lame at these games but what the heck. What's yours?

UPDATE: The question of whether this actually tells you whether you're left or right brained has come up (I wondered myself how legitimate of a brain test this could actually be), and a post right here on greengabbro.net offers a reasonable and well-written explanation as to why it likely does not, in fact, tell you much of anything about your personality or brain. There's also some links to some interesting auditory "illusions" that I found quite interesting. But still, regardless of the braininess of the image, please enjoy playing with the illusion below. It's true that it can be seen turning either way (it's an illusion). But it's also still very interesting that different people see it different ways on the first try, or more often than not the first several tries.

The Herald Sun, a newspaper in Australia, has a cool page up with an animated image that can tell you whether you are right- or left-brained. Here is the original page, with the details.

Look at the image below. Which way is the dancer model turning, clockwise or counterclockwise?

Most people see it turning counterclockwise, which is correlated to being left-brained. If you see it turning clockwise, you're right-brained. Can you make it change directions? for some it can be difficult to impossible. I can get it to change briefly if I really try (I see it turning counterclockwise).

Here's what they say it all means:

 How's it look to you? What do you think?

Windows Home Server, a way-cool implementation of the operating system that lets you easily create a flexible and remotely-accessible storage point, is now available for purchase on newegg.com. The price (as of the time of this posting) is $189.99, and it's worth every penny.

What is Windows Home Server? In a few short words... Backups, share and access files, easy setup (simpler than a VCR to use) and you just add drives to grow over time. Plus there's a bunch of cool add-on's already available. If you're a Windows geek, it's based on Windows 2003 server, so adapt away!

First of all, you should read a few of the reviews on the newegg page. They accurately and effectively describe the high points (and the remarkably few lower points) of the product. And here is a marketing description of the product that hits the basics:

Windows Home Server helps you pull together and protect all your family's files in a single, central location that makes sharing easy.

Protect the things you care about
Keep all those digital memories safe for future generations with features like automatic daily backups and full system restore.

Connect with your friends and family
Share your photos, music, movies, and other files from a single, central location that everyone in your home can get to. Friends and family can see and share any files you want, whether they're in another room or another country.

Organize everything all in one place
This smart hub helps your family organize all your shared files in one place. Windows Home Server cuts down on clutter and brings order to digital chaos.

Grow into the future
You can add more space easily whenever you need it, so no more hard choices about what to keep and what to delete. And new products and services will be added as Windows Home Server keeps growing and getting better.

Jason Cross hits the nail on the head. It's not the hardware, it's not the software, it's not even the company. It's something else completely.

Bad apples (pun intended) can truly spoil the barrel.

I have to say, based on my own experiences and as a Mac user since the very first one came out (yes, that one) when I was a kid, I agree with Jason's points. Well-said and fairly-put.

Now you go read it. Someone needs to say these things, and Jason did. Good for him.

Attention all Portland, Oregon and Vancouver, Washington area peoples:

Drop everything, sign up right now (see details below), and meet me to play HALO 3 on two 50-foot ultra-hi-def video movie screens this Thursday (October 11th) at 7:00 p.m. just across from the Portland Airport in Vancouver at Cinetopia. Why? Because it will be the ULTIMATE Halo 3 event.

And you're guaranteed a win, because I will be there. Bonus. Heh.

YOU GET TO PLAY HALO 3 on two 50-foot ultra-hi-def video movie screens (like double 1080p resolution, beautifully up-scaled by some super-fancy equipment to make for an awesome image) and an awesome theater setting, reserved just for us - and the proceeds benefit the fight against diabetes. What more can you ask for?

Your donation of $25 (or more) at the door or will go straight to the America Diabetes Association. You can also pre-donate online and bring your printed donation receipt to the door. There's room for 120 people, so register today to save your seat(s)!

ALSO -- The first 10 people who let me know (in the comments and/or via email) that they have signed up (details of which are below) because they read it here - and then show up to play - will have their $25 donation matched by me. So let's make this happen! It's for a great cause and will be tons of fun.

And blog about this on your own site if you have one. Spread the word!

You need to sign up ahead of time so seats can be counted - so please do it now!

Here are the details:

• When:  Thursday evening, October 11th, 7:00-Midnight (and yes, you can leave earlier if you want or have to, it's not Hotel California or anything)
• Where:  Cinetopia - here's a map and their web site
• Who:  Due to the content and whatnot, 18 and older, please
• Register for this event at http://iammasterchief.com/ with the RSVP code "FIGHTDIABETES" (and just ignore the fact that the date there is wrong, and you won't get an email confirmation - if you see the PDX event after signing up, you're good to go)
• You can donate online and bring your web receipt, or donate at the door (but either way, please sign up at the link above)

You can also read more about this event on Rich and Scott's blogs. Proceeds benefit the American Diabetes Association (and Scott explains that quite well).

Business sponsors of the event include: Aivea, Robert Half Technology, Microsoft, the Portland Area .NET Users Group (PADNUG), the Software Association of Oregon, of course Cinetopia and others. A special thank-you goes out to all of them!

I have realized more and more that the time I'm taking off from working right now is time I need to spend doing the sort of things I can't realistically do while employed full-time. For example, I'm actually considering taking the time (and the expense) to get my private pilot's license. We'll see. That may be a bit of a stretch (and the rainy season is coming). But every time I see Jeremy Zawodny post about airplanes and flying, I get excited about it again. Darn you Jeremy!

I've always wondered what it would be like to travel the highways in a big truck. I'm writing this from northern California because I am on the road this week with my friend Broc (he's the goofball in the picture). He drives a 18-wheeler for his family's moving company. We left Portland on Tuesday and we're driving someone's household items to Modesto, California. Then we turn around with a different trailer and load and head back home by the end of the week.

I'm not sure exactly what it is about traveling from here to northern California in a semi truck that interests me this much. Seriously, we could be going anywhere and it would be an adventure for me just traveling over the road in the semi for the first time. Add to that the fact that I have never made the trek from Portland to California on the ground (it's always been by air) and it certainly makes for something to look forward to. In fact, I have never driven further south in Oregon than Eugene before today. Considering I've lived here for pushing nine years, that's kind of sad. And the chance to hang out with a friend for a few days is pretty darn cool, so I'm glad he asked.

It was a great drive today - nice scenery. Mt. Shasta is incredible and huge. It was amazing to be able to see it off and on for such a long time as we approached it and drove past. The peak is at more the 14,000 feet and much of the surrounding area sits down around 3,000 feet more or less, so you can imagine how it stands out. Shasta Lake is very, very low right now. Like maybe even 100 feet low, it's crazy. But it looks like a great place to bring the boat for an extended trip next year. It's on the list.

What would you do if you had unlimited flexible time? I'm always open to new ideas. :)

I've worked in the financial services software industry for years. For the last couple years I ran the security division of a major online-banking software and services provider. Security is paramount in that market. The responsibility that goes along with the role is huge, but it's a responsibility that's shared by everyone involved. Taking security seriously can't be something that happens after the work is done, and it can't just happen at some milestone point in a project. It needs to be an ingrained principle, part of the way things are done from beginning to end.

Threat modeling, loosely-described, is a design process by which you examine your software application design through the eyes of the bad guys, in order to determine what your design needs to take into consideration and how it should be built to protect against malicious threats. From the design phase you take your documented threat model into development and use it as a living document throughout the development lifecycle. Or at least that's how we did it.

Larry Osterman, who's worked at Microsoft pretty much forever, is a pro when it comes to threat modeling and secure coding. I haven't ever met Larry, but I've read his thoughts on the topic and they're solid. He's written before a couple times about this, and more recently (over the past month) he wrote and posted a series of excellent articles on his blog about threat modeling at Microsoft in the Windows division. If you're into this sort of thing, as I am, it's also very interesting to look back at his articles from the earlier years and to compare how they do things today. They've matured quite a bit.

I'll leave the narrative and examples to Larry, but let me add this by way of punctuation: Threat modeling takes some time and effort, but understand that security is a critical component of quality. Reputations (and therefore businesses) depend on it. It takes a very intentional process to properly understand the landscape and to look at all the threats and vectors of attack. It's not easy for people to shift gears. Most developers spend all their time thinking in terms of getting software to function according to customer requirements. Just as important is making sure it won't do what the bad guys want it to do. So, if you're ready to argue that you don't have time to do threat modeling, I have a solid argument (several of them really, which are backed up by real-world proof) that you can't afford not to. Threat modeling is risk management for the software industry.

And then there's the very-real side benefit of threat modeling. When your designers and developers sit down before building the product and really start to think about all aspects of quality in a formal, documented manner, you don't just get security improvements. They'll be seeing and thinking about general product improvements that you just won't get otherwise. I can't tell you how many times someone has come to me during a threat modeling process with a look of glee in their eyes, excited to tell me "hey this threat modeling stuff is pretty cool, and we even came up with some other stuff that isn't strictly security-related but will make it a much better product. I'm glad we did this."

The rule of the game is strategic thought, proper defense, quality first, and better software done faster that costs less. And it can happen if you let it.

If you're a software developer, tester or product manger and you don't know what threat modeling is and how it works, you're missing out on something that really should be required in this day and age. So here is what you should do:

1. Read Larry's articles, they're quite good.
2. Buy three books (you'll notice Michael Howard is an author on them all):
• The Security Development Lifecycle
• Writing Secure Code (2nd Edition)
• Threat Modeling
3. Be a leader and implement what you learn.

Update: Engadget has the details of the formal release today.

Looks like this Tuesday in Redmond will be Zune 2 day. I've been curious what they'll come up with for the next-generation device. I don't own one yet. Several friends of mine do. It's a nice device which (for me) has a couple imposed limitations that make it not as useful for me.

Rumors floating around about Zune 2 include a flash-based memory design (instead of hard drives), thinner case and WiFi integration (but we'll see if it's the classic Zune hobbled WiFi or something more useful). Also, word is there will be a new community site for Zune users announced.

For my part, I hope there's some revolution in the announcement, not just evolutionary changes. That might catch my wallet's interest.

via BetaNews

iTunes (and my friend John) reports that v1.1.1 of the iPhone software is available. Since I have third party apps installed, I am hesitant to install it just yet. My phone has not been unlocked carrier-wise, but app-tap is on there.

• Apple video about the latest update
• iPhone Atlas list of notes about the update - excellent
• A list of undocumented features in iPhone firmware v1.1.1, also from iPhone Atlas (where do they get this stuff, anyhow?)

I think I will wait a little while and see what people have to say. No point being the guinea pig on this one. :)

UPDATE: I was able to update my app-tap-modified iPhone to v1.1.1 without a restore required, no problems. Of course, I no longer have any third-party apps on the device, so I will be looking for updates there in the next few days.

Where to look in early moments to see what works and doesn't? Well, Engadget is such a great place...

mcg @ Sep 27th 2007 2:14PM
What the hell, I'm trying it now. I haven't unlocked my SIM but I have AppTapp installed and a number of applications, including SummerBoard. I'll let you know how it goes. 

Ben Kreeger @ Sep 27th 2007 2:16PM
Yes, please let me know what happens; I've got AppTapp installed.

mcg @ Sep 27th 2007 2:19PM
Oops, it's probably best that I reply to my original post. I got the dreaded "unknown error" when attempting to install the software right off the bat. Maybe undoing jailbreak would have averted that problem, but what's done is done. Now I am having to use the iTunes Restore Phone feature. Looks like I'll be losing my apps and my data. No big deal to me, really, but beware. I'll post again when I'm up and running with 1.1.1.

mcg @ Sep 27th 2007 2:25PM
Now I'm back in action. Lost apps and data. Had to reenter my voicemail password.

Interestingly, I have a new icon next to the standard BlueTooth blue icon---it's in the shape of my bluetooth headset. Looks to be a batter meter. Nice.

mcg @ Sep 27th 2007 2:27PM
Now I'm syncing my photos, music, calendar, etc. It's going to take awhile, so I'll wrap it up here. Bottom line, if you've done a jailbreak, be prepared to start from scratch. It would be nice if someone could un-jailbreak the phone and see if that prevents us from having to reinstall everything.

Arjan Zuidhof, a .NET software engineer in the Netherlands comments briefly on his linkblog regarding our recent podcast show and interview about being a DBA:

"When was the last time *you* listened to a podcast? Honestly? One of the things I know I should do more, but, ahh, the lack of time is standing in the way. Still, learning how to be a better DBA is definitely a healthy career path if you don't know where to go..."

That got me thinking. Arjan's point seems to be consistent with those of many others, and truthfully I have to include myself in that list of people who have found podcast consumption to be too hard from time to time. I have found myself wondering aloud and to myself how in the world anyone can possibly  get the technology to work seamlessly, find and organize podcasts, have them in a place where they can be consumed, and still find the time to actually listen to them.

And then there's the whole (somewhat true) problem I refer to as the "most-podcasts-suck" phenomenon. It can be painful and a bit of work to find a good show, let alone stick with it.

But some of the best learning I have done over the past year or two has been from podcasts, so I can tell you there is a tangible benefit. I listen to a total of maybe 6 or 7 podcasts, and I listen whenever I find I have the time. I don't listen to every episode in its entirety, either - it has to keep my interest. I also don't plan it all out or have a podcast listening schedule. And I have found that's important for me if I am going to be part of the podcast "listernership."

The first thing I had to do was to have a set of tools that make it possible to listen without having to think about it. Here are the tools that I have found actually make it possible, in my real world:

1. iTunes - Love it or hate it, the fact of the matter is, iTunes makes subscribing to and consuming podcasts freakin' easy. And on top of that, you get show ratings, the podcast directory on the iTunes store, and a lot more. Plus, when you consider that the producers of a podcast have to work to get their show into iTunes, it's raises the bar slightly and as a result the signal to noise ratio is a little lower.
2. The Mac Mini on my kitchen counter - With some compact speakers and the iTunes client running on it, I just load the Added recently playlist and listen. Obviously, this could be a Windows machine or whatever. The point is, in the space where you spend your time, it's good to have the ability to let stuff play in the background, and your primary iTunes subscription point show be there.
3. iPod (or iPhone in my case) - The thing that matters the most here is that you need to have it with you all the time. Truth be told, my iPod saw so little use day-to-day that I seriously consider that particular purchase to be a waste of money. I have a friend who has actually used it much more than me. But the iPhone, on the other hand, goes everywhere with me. As a result, the iPod content on the phone actually gets listened to. I cannot overemphasize the importance of this point: Listening needs to be something you just do. The planning part should be limited to the discovery of and subscription to content. After that, the whole idea is to focus energy on the shows, not the delivery mechanism. Else you'll find yourself frustrates and giving up. And that's, well, pointless.

I'm a Windows and Wintel guy primarily, so you might be surprised to see the glaring consistency in manufacturer above. Get over it, I did. And it works. That's what matters. 

My point here is this: The time it takes to actually listen to podcasts is often confused and munged with the time it takes to be able to listen to podcasts. I'm not saying that Arjan's situation is specifically that, but rather his comments caused me to think through some common frustrations based on my own experience and the experiences of others.

I've heard many people say they just can't find the time for it. I know I certainly get frustrated with shows that ramble on and on and present nothing useful. That's why - for example - Scott Hanselman's excellent Hanselminutes podcast is intentionally compact and focused on a specific audience, and it's why we work hard to keep RunAs Radio around 30 minutes per show and focused on topics for IT professionals.

What I've found is that if you can work out the technology part of things, and then be willing to spend a little bit of time here and there glancing at recommendations made by others and which fill your own interests, you can learn and consume a lot of good stuff in the "between" time (and still have time left over for other stuff).

For those who roll their eyes and doubt, here's my "preachy" thought for the moment - for what it's worth: If your schedule won't allow you to listen to a podcast every week or two (and this statement is coming from a true workaholic, people) you might want/need to take a hard look at your schedule and figure out what's wrong with it. Missing out on good information, whether it be written or recorded or what have you, is an unfortunate and damning side effect of too-much-ness. We all got to where we are today by learning, and stopping now really isn't an option - unless our goals are to slide backward and relegate ourselves to being second-best. There should be time for family and friends, time for yourself, and then time for work.

Anyhow, a special thanks to Arjan for making me think. :)

Do you listen to podcasts? Or do you find you can't? Why or why not? What is the one thing podcast producers could do today that would make a real difference to you, the kind of difference that would make it really worthwhile for you to spend some time with them?

Ready? Discuss!

We had an opportunity recently to speak with Trey Johnson, Chief Business Intelligence Architect at Cizer, about the current state of BI in the industry and some of the new technologies available on the Microsoft side of things. We also touched on what business intelligence means these days and some of the things IT professionals need to be thinking about when contemplating a BI project.

RunAs Radio Show #25 - 9/26/2007 (31 minutes)
Trey Johnson Helps Us Get Business Intelligence

Richard and Greg talk to Trey Johnson from Cizer about Microsoft's Business Intelligence offerings. The product line up from Microsoft is expanding beyond SQL Server, Analysis Services and Excel to include Microsoft Office Sharepoint Services, the new PerformancePoint Server and ProClarity Analysis Tools.

One thing's for sure: If you don't have your ducks truly in a row before you start, a poorly-planned BI project can be a money pit of enormous size. But it's not all that complicated to do it well. It just takes a careful approach, the proper people and a set of well-defined and complete requirements. Trey helps us get a handle on the current state of affairs.

Over time I've had the opportunity to write a pretty significant number of blog entries. Some of those are technical in nature and try to describe how to do something specific on your computer. But truth be told, there have been many times when I wanted to do a weblog post but didn't because quite frankly it would have been too much work (for both of us) to explain how to do whatever it was in text form.

I've often considered doing screencasts in those cases, and I've even jumped in and done a couple here and there, but until recently it has not been something I have really tackled in most cases. I've used them at work (with substantial success), but not on the blog.

Just last week I wrote a post about the Windows Internet Time servers that Microsoft uses for its defaults being inoperable. I considered making a video screencast showing how to change your Internet time settings, but since I was not set up with the proper software and I have not been very happy with much of the software I have used for that purpose in the past, I just typed it up. Shortly after that post, I saw and entered a little online contest to win a copy of some screen capturing software called ALLCapture. Turns out I was one of the winners of the contest. So, this morning I downloaded the software and decided to put it to a real-world test.

I've updated the original post about the Windows time server settings to include the Flash version of the screencast, which I think turned out technically pretty well. My narration and organization left a bit to be desired, but hey what the heck. I left in the uhhh, verbal umm... bumps and didn't edit the video, and I also didn't use the full drawing and annotating capabilities of the software for this one. So, it's truly a quick and basic example of how you can capture and narrate a screencast. Note that you can edit after recording as well. That includes adding and removing audio, adding labels and pointers to help highlight items on the screen, etc. The included help file is useful in understanding how to do some of the more advanced work.

You can check out the simple video I made here. Also, here is a link to a basic Windows Media version for comparison. The Windows Media file is quite a bit smaller than the Flash version. Both use out of the box, default settings. I recorded the audio with my USB studio mic.

I also tried creating a screencast to accompany my post today about DreamScene and it turned out nicely, but the file size was pretty huge so I haven't posted it. The reason for the huge size is obvious if you've seen Windows DreamScene in action - it's a full screen capture of fully animated desktops, so everything is constantly changing in the scene. Needless to say, I need to figure out how to trim things down for screencasts like that one, so you can reasonably download them.

All in all, it's cool software and I think it will be quite useful.

Full disclosure: I won my copy of the ALLCapture software in a friendly online contest. I've tried it and found it to be pretty darn useful - enough so to write about it here - but be aware that I didn't purchase the software with my own cash. That said, it's good stuff and I think it's worth checking out.