A different kind of game...

My friend Broc works at his family business. They have this great big lot and facility in an industrial area of Portland, with a few warehouses and huge shop buildings. Two of the buildings are vacant, and the lot lends itself to hiding, sneaking around and - well, a different kind of organized (and safety-conscious) fun.

I didn't take the pics, I just lent my camera to another person who ran around trying not to get shot at, while I took an MP5 and defended the base.

By the way - and before anyone freaks out: While this looks hard-core, realistic and (if it was real) dangerous, it's actually a game/sport called Airsoft, and the people who play are quite safety-conscious and wear proper protective gear. The guns shoot lightweight, tiny plastic balls the size of a BB. Yes, they can hurt if shot too close, but a red welt is about the worst one can expect when wearing the proper protective gear - namely good eye protection. Safety is important, and it's what makes the game fun. You'll hear people calling "safety kill!" if they are too close to shoot safely, for example. Obviously, point-blank shots with plastic BB's will hurt, so everyone's quite careful and adheres to certain rules. Never play games like this without the proper safety gear - anyone who doesn't practice safe play is an idiot, and you should not include them. Trust me, having fun is good, but being cool and safe with others is much more important.

Ok, anyhow - here's some pictures of what we did last night:

Don't have any train cars available in your local industrial complex, a la Counter-Strike? That's okay, semi trucks are a good stand-in, and besides they have real horns and lights and other things that can throw people off. Plus, the trains are just over on the other side of the fence, so the crashing train sounds are there, even if the cars are not.

Flash photography makes these guys a little more visible than they actually are when you're playing. Imagine nighttime alley lighting and shop lights indoors being turned on and off by whoever happens to have control of the light switches at the time. You never really know when it will be dark or light.

Hard Core Dave. Camper, heh. 'Nuf said.

Cory checks the warehouse floor from behind cover. See the light switches? Cory's the master of lighting tactics.

The attacking team posed for a photo. All us defenders should have done the same. Doh! There was 12 or more of them and 8 of us on the defending team.

Three posers of us from the defending team: Dave, me and Cory. Dave and Cory were a little more effective than me - I got safety-killed around a doorway corner right at the beginning of the first game, and got one "kill" in the second game before I got exposed when the lights came on and I was in the clear. Dave got several, and Cory got a couple too.

That was fun. I discovered I definitely need to go and buy glasses (or contacts maybe) again (I broke my last pair and have not had them replaced because I am lazy that way). Gun sights just aren't as easy to see as they used to be!

It's windy and a bit chilly today. But the flowers are cool. Spring's sprung.

Microsoft has published their Security Development Lifecycle whitepaper, where they describe the process that Microsoft has adopted for the development of software that needs to withstand malicious attack.

It's a good read for people responsible for writing software, as well as those responsible for ensuring software development processes properly addresses security as a requirement.

The basic principles of the Security Development Lifecycle are described in the paper:

• Secure by Design: the software should be architected, designed, and implemented so as to protect itself and the information it processes, and to resist attacks.
• Secure by Default: in the real world, software will not achieve perfect security, so designers should assume that security flaws would be present. To minimize the harm that occurs when attackers target these remaining flaws, software's default state should promote security. For example, software should run with the least necessary privilege, and services and features that are not widely needed should be disabled by default or accessible only to a small population of users.
• Secure in Deployment: Tools and guidance should accompany software to help end users and/or administrators use it securely. Additionally, updates should be easy to deploy.
• Communications: software developers should be prepared for the discovery of product vulnerabilities and should communicate openly and responsibly with end users and/or administrators to help them take protective action (such as patching or deploying workarounds).

Also discussed are the phases of the lifecycle in application, and Microsoft's experience in putting the DSL into use at that company, as well as the results of the initiative. If the small amount of information quoted above is of interest, take the time to read the paper.

Dana Epp comments and has insights into the changes that have happened at Microsoft over the past few years. It is pretty darned amazing to have watched (and participated in, as part of my roles as partner and customer) the changes Microsoft has made with regard to security. I can say from my own experience that security is at the front of MSFT developers' minds every day, and while it's not perfect (and never will be, regardless of the software or authors), it definitely shows.

(via Dana Epp's weblog)

Out of the toilet and into the conference room, the video saga of Rory and Scott's lead-up to TechEd continues.

Rory and Scott - Two really high speed programmers...

Thank God for WS-PPT

Enjoy.

I clicked through a few blog posts and comment author links (since their comments were interesting to me) and ended up on Dave McClure's weblog (again). There at the top, I saw his latest entry - that SimplyHired.com has just been launched.

So, I clicked on over. It's fast, easy, nifty and cool. Within a few seconds I did a search for keywords in my area and found current job listings from Monster, America's Job Bank, Career Center, USA Jobs, HotJobs and more.

Search for a phrase by putting it in quotes. You can see the age of the listing under each item, as well as where it's from. When you click on a link, you go to the original listing.

Fast, simple and it works. Not bad. They even have a blog.

And I like the "no results" response:

"Dang. We didn't find anything for you.

"You're probably a good speller, but check the description or location terms you entered. You can also try using some other keywords, or enter fewer words to expand your search

"It's also possible we made an error somewhere. Sometimes computers are human too. Sorry."

Chris has just announced that Gnomedex 5.0 registration has opened up. There are 300 spaces open, so sign up soon! If you've been to a previous Gnomedex, there's no need to explain the why's an how's, but for those who have not, here's a little info:

• It's in downtown Seattle, Washington at the Bell Harbor International Conference Center  - a GREAT city and with easy access via air, car, train, or whatever.
• It Begins Thursday June 23rd at 5:00 pm and ends Saturday June 25th at 6:00 pm.
• Gnomedex is a great place to actually meet and talk to a variety of high-profile techies, geeks and other smart people. It's also a great place to form relationships and get cool ideas.
• The Gnomedex blog is right here (clicky-clicky).
• I met a good number of people face-to-face at Gnomedex last year that I am in regular contact with ever since.
• Register here.

I'm already registered, now I just have to rework my crazy schedule!