Tuesday, 30 October 2007

Modesto, California - home to the annual Ninja Parade, was once again treated to an amazing display of Ninja skill this year.

    

Thank you, Onion News Network, and to Alex for passing this along. :)



Add/Read: Comments [1]
Humor | Random Stuff
Tuesday, 30 October 2007 09:12:19 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Sunday, 28 October 2007

November will be a busy month of conference travel for me. On November 7th I'll fly briefly to Las Vegas for a quick panel gig at the DevConnections conference (I'll be there Wednesday afternoon and all day Thursday), followed by a more extensive trip on Saturday the 10th to Barcelona, Spain. I'll be there for the entire IT Forum week of Microsoft's TechEd Europe conference. I've never been to Spain before, so I'm looking forward to the trip.

If you'll be at either of the shows, let me know and hopefully we can meet up and say hi. I'll be there in part to help run some floor events and to record more interesting interviews for our RunAs Radio shows.

I'm also going to stop off in the SF bay area on my way back from Spain to spend Thanksgiving with my dad and family there. By the time I get home it will have been two weeks on the road.



Add/Read: Comments [3]
RunAs Radio | Tech
Sunday, 28 October 2007 10:33:15 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Friday, 26 October 2007

There's been a slight lack of specific information about the actual Gmail IMAP rollout timeframes (the phrase being thrown around - "a few days" - is sufficiently vague, yet it tends to make one think of the number "three"), as well as a lack of information about Google Apps email service and IMAP on that system (as opposed to the generic Gmail platform). Some people already have IMAP enabled. I don't yet. I'm a little bummed, but I know how these massive rollouts for a system this size can be. They don't just happen automagically. So I exercise patience and use this time to drive myself nuts, heh.

Anyhow, I went looking for some specifics over at the Google Help site today, and found some new content in the Apps for Administrators specific help, as well as a linked description of how long it may be before I see it show up in my Apps email accounts:

We're working hard to roll out IMAP access to all our users, but it'll take about a week.

To use IMAP, you must have your interface language set to 'English (US)'. You'll know that IMAP is available in your account when the Forwarding and POP tab in your settings becomes Forwarding and POP/IMAP.

Until then, thanks for your patience!

There's a variety of other IMAP Setup related topics there as well. And you'll want to check out these third-party resources for some details in configuring things like iPhone and Thunderbird (or any client, really) so it works just the way you want it to:

So, within less than a week it sounds like, and I have the info I need to optimize my clients when it does happen. Nice - that helps. :)



Add/Read: Comments [6]
Mobile | Tech
Friday, 26 October 2007 13:53:06 (Pacific Standard Time, UTC-08:00)
#  Trackback

I got up this morning to the first frost of the season. It's cooled off quite a bit here the past week or so. I snapped a couple pictures. I like shadow-light images with a little contrast punch. You still cannot record images digitally quite the same nice way you can with film. But you can fake it if you try, and it costs a hell of a lot less per shot, that's for sure. Makes it way too easy to be lazy and trust in your luckiness though. I miss film. Heh.

258

frost5

241

Also, I have added a "Photography" category to the site, with its own RSS feed as well, since that's been a bit of a missing piece here.



Add/Read: Comments [1]
Photography | Random Stuff
Friday, 26 October 2007 10:46:02 (Pacific Standard Time, UTC-08:00)
#  Trackback

Looks like you can now (finally) link multiple Windows Live IDs together. You may also know them as your passport login addresses (Microsoft did a name change a while back).

If you have a Windows Live ID that you use for work and one that you use at home, you can link them so that you only have to sign in to Windows Live once to manage all of your accounts. When you link more than one Windows Live ID, you can sign in to a Windows Live site or service with one account and still have access to information related to the linked accounts.

Go to http://account.live.com and log in with your Live ID that you use primarily. You'll see a screen like the one below (click to enlarge the image):

     image

Once you click the link to link your LiveIDs, you'll be asked to provide the necessary information, and one more click 'til you're all set:

     image

Once linked, you can choose which LiveID you want to use on site with a switcher-link, like this one:

      image

Nice stuff. Now I can switch between my LiveIDs without going through the pain on signing in and out all the time.



Add/Read: Comments [0]
Tech
Friday, 26 October 2007 10:33:37 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Wednesday, 24 October 2007

For as long as Gmail has been around, The People have asked for IMAP (Internet Message Access Protocol) access to their accounts. Today, that time has come.

Google has announced they are rolling out IMAP across all Gmail accounts over the next few days. What does that mean? It's well-explained on the Gmail blog, right here. A little bird let me know this morning in IM. I really need to stop sleeping in so I can be the first to know every now and then, heh.

Ars technica has a good post explaining IMAP to the layperson and outlining the Gmail situation.

Now comes my big question: Is IMAP functionality also being rolled out to users of Google Apps mail (which is basically Gmail and other Google apps that you can use with @yourdomain.com)? I hope so, since that's they way I use their stuff. In the past Google's typical approach has been to enable new stuff on Gmail before rolling it out to Apps users. I've seen some people this morning claiming it's showing up here and there in apps accounts, but the people saying it are not actually mail for apps users, so grain-of-salt in my book. If you have a Google Mail for Apps setup, is IMAP an option for you yet?

If IMAP in Apps accounts happens (I am sure it will), my iPhone will get changed from POP to IMAP immediately (finally no more tedious deleting and marking as read), and Outlook 2007 or Thunderbird might just get resurrected. Fingers crossed!

Links:



Add/Read: Comments [3]
Tech
Wednesday, 24 October 2007 09:20:29 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Friday, 19 October 2007

I grew up in northern New Mexico. Green chile was everywhere, and found in everything. I remember for a while my dad was on this kick where he dreamed up all kinds of green-chile-in-it dishes. Random, crazy stuff like green chile pancakes and  ... well ... you name it. He had a condition where he couldn't taste much of anything, so I think it was the texture and spice that he liked. Anyhow, long story short: For the longest time I was completely burned out on green chiles.

Then I moved away from the area, and slowly the desire to eat good New Mexican food with green chiles in it returned. By far the best green chile in the whole wide world is from Hatch, New Mexico - a small farming town that's fairly close to where I grew up (well, close in a New Mexico sort of way). There is no debate on this one, by the way. Hatch chile is the best chile. Period.

The other day I decided to make some posole (my current recipe for which is below), and I used chiles in a can from the local (meaning Oregon-based) Safeway store. the posole turned out good, but honestly the green chile leaves a lot to be desired. I was spoiled, ruined, and spoiled again as a kid by Hatch.

I went online yesterday morning to the Hatch Chile Express web site at www.hatch-chile.com and ordered 14 pounds of roasted, peeled, diced and frozen Hatch green chiles from the Chile Capital of the World. You can also get whole chiles there, but unless you're making rellenos there's no point - Get diced and save the hassle of cutting and tossing out parts.

Today, almost exactly 24 hours later, the box arrived via FedEx. The shipment was very carefully and well-packaged, in a strong container with Styrofoam insulation and a frozen cold pack inside, and the 14 one-pound bags of chile were still perfectly frozen and went straight to my chest freezer (after some inspection and sampling of the goods, of course). I ordered mostly medium (since that's what I usually cook with) plus a few bags of hot and mild for good measure. Just the smell of this frozen chile confirmed I'd made a good decision.

Not often I get excited about putting food in my freezer, but as weird as it may sound I was excited today. Hatch chile is that good.

I also ordered some mild and medium variety seed for planting next spring (although the climate here will likely make for a challenging growing season). They threw in a book of recipes (which includes instructions for roasting the chiles if I can get them to grow) as well as several dish options and a handwritten note on the invoice about the varieties I had requested. It's nice to know you're interacting with a real, live person. :)

If you want the best green chile the world has to offer, you go to Hatch, New Mexico. If you can't get to Hatch, then you go online to Hatch Chile Express at www.hatch-chile.com -- and you'll be glad you did. By the way, you can also order wreaths, ristras and a bunch of other cool looking holiday-season stuff there. Highly recommended, check them out. And no, they're not paying me to say that - I am just that impressed and I think if someone sells something great, letting others know is a good thing to do. These are local farmers, actually in Hatch (not some large reseller in some city somewhere), and it's a family-run business. Their phone number and email address are on the web page. There's really no better way to do business.

Here’s my updated and current Posole recipe (an edited version of the one I posted here in 2004), archived here for myself so I won’t lose it, and for anyone else who’s interested and wants to try it:

  • Two #10 cans (108oz) Hominy (Juanita's or a similar Mexican style preferred, fresh or frozen/bagged is even better)
  • Two large yellow onions, sliced and cut up (not diced)
  • One tablespoon (or so) minced/chopped garlic
  • One teaspoon dry oregano (Mexican oregano if you can get it)
  • One envelope/package menudo spice mix (a few ounces, optional)
  • One quart (or less if you prefer) of frozen or canned green chiles, diced, preferably hot or medium strength (do not use jalapenos – use real green chile)
  • Salt (plenty)
  • Pepper (plenty)
  • Two pork tenderloins, about 4-5 pounds each
  • Olive oil

In a large stock pot (16 to 20 quarts size), combine the hominy, onions, garlic, oregano, and green chile. Fill with water to cover the ingredients, plus a little more (don’t get too worried about the water – just make sure it’s pretty full). Salt and pepper the heck out of it, and plan to do so again later. Turn on the heat and bring to a boil while preparing the meat.

Cut the pork into small cubes or similar shape pieces (like you can cut pork into cubes, yeah…).In a frying pan, heat a small amount of olive oil and brown the pork slowly, adding some salt and pepper to the meat.

After browning the pork, add it to the stock pot contents, and stir the meat in.Once it boils, turn the heat back to simmer the stuff. Simmer for about 15 minutes, stir, and boil again. Do this twice, then simmer again on low heat.

Now comes the hard part – leave it alone until the cows come home, stirring about every 30 minutes. Keep it on low heat, just enough to bubble a little, to avoid burning the food at the bottom of the pot. "Until the cows come home" translates loosely to anywhere between say five or six hours and overnight (depending on what time you start, I suppose). Trust me – let it cook down, it needs it. Add some water as needed to keep the stock covered. It will thicken up a bit as it goes.

And don’t be stingy with the salt and pepper in this recipe – you’ll need it. You will probably find you need to add some salt while cooking one or more times. Stir it in and cook for a few minutes, then stir again and taste.

Serve with tortillas, and if you want grate a little cheese on top when you serve it up.



Add/Read: Comments [5]
Personal Stories | Random Stuff
Friday, 19 October 2007 11:12:01 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Thursday, 18 October 2007

I didn't realize this site actually existed until now. The Microsoft Developer Network's Beginner Developer Learning Center, located at http://msdn.microsoft.com/vstudio/express/beginner/, looks to be a useful resource for people wanting to get a start in software development. The site has two "tracks" available: Web development and Windows app development, using the Express versions of Visual Studio.

Welcome to the Beginner Developer Learning Center - a centralized learning environment specifically targeted to beginning programmers. Here you'll find a rich array of learning content that starts with the very basics, and guides you through step-by-step to becoming a fully-fledged developer!

No experience or programming knowledge required - so dive right in!

So, hey kids - Go get learning!



Add/Read: Comments [0]
Tech
Thursday, 18 October 2007 17:22:16 (Pacific Standard Time, UTC-08:00)
#  Trackback

While I won't be able to attend myself (since I will be at TechEd in Spain at the time), the Seattle Code Camp is set to take place November 17th and 18th in Redmond. Anyone interested in presenting or attending (it's free!) can go to seattle.codecamp.us for more information and to get signed up.

Code Camp is a new type of community event where developers talk with—and learn from—fellow developers. All are welcome to attend and speak.

Code Camps are (1) by and for the developer community; (2) always free; (3) community developed material; (4) no fluff – only code; (5) community ownership; and (6) never occur during working hours.



Add/Read: Comments [1]
Tech
Thursday, 18 October 2007 12:23:07 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Tuesday, 16 October 2007

Recently I have been working on writing a set of practices for taking the IT Help Desk to the next level. Well, actually it's about fixing what's broken and reworking the people, processes and technology components in order to be a great, service-oriented help desk with happy customers and happy, motivated employees. And yes, it is possible to have it all.

At any rate, I read this blog entry by Tim Heuer recently, and it illustrates well the common problem with IT support processes. Read and weep.

When you read something like that and both laugh and cringe (mostly cringe in my case), it makes you think.

ITIL, COBIT, and everything else standards-based aside, there's a whole slew of internal motivations and behaviors common to IT organizations and customers, yet not really addressed by standards, that can make or break the success of your service desk and organization. Having processes and checklists in place is great, but what makes for a really great IT organization? What makes someone a great help desk customer?

You never get perfect (on either side of the desk). But you can run a practice that is measurably successful and does more than maintain status quo (not always a good thing, by the way) and just get the job done.

What are some of your help desk stories, good or bad? What have you seen that works? For all that is decent and tactful, please don't disclose your employers, any people or specific teams here (or they'll be deleted). But some illustrations would be great. Just be nice. :)



Add/Read: Comments [3]
Management | Tech
Tuesday, 16 October 2007 15:01:07 (Pacific Standard Time, UTC-08:00)
#  Trackback

Adam Shostack of Microsoft takes a critical look at threat modeling and changes to TM processes in a short series of posts on the MSDN Security Development Lifecycle (SDL) blog. It's a good read, especially when aligned with Larry Osterman's recent writings (which I mentioned recently) and those of others. If you're not a reader of the SDL blog and you're a security person or developer, I recommend it highly, by the way.

"In this first post of a series on threat modeling, I’m going to talk a lot about problems we had in the past. In the next posts, I’ll talk about what the process looks like today, and why we’ve made the changes we’ve made. I want to be really clear that I’m not critiquing the people who have been threat modeling, or their work. A lot of people have put a tremendous amount of work in, and gotten some good results. There are all sorts of issues that our customers will never experience because of that work. I am critiquing the processes, saying we can do better, in places we are doing better, and I intend to ensure we continue to do better."

Here's quick links to the blog articles by Adam. Those interested in secure development need to know and use a threat modeling process, and a critical view of said processes is important, so it's good to see this healthy example:

(also via Michael Howard's blog, which is a must-read security resource, too)



Add/Read: Comments [1]
IT Security | Tech
Tuesday, 16 October 2007 08:06:07 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Saturday, 13 October 2007

Okay, who wants to add me for Halo 3 fun? My XBox Live gamertag is gergin8or. I'm pretty lame at these games but what the heck. What's yours?



Add/Read: Comments [72]
Geek Out | Random Stuff
Saturday, 13 October 2007 12:42:38 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Thursday, 11 October 2007

UPDATE: The question of whether this actually tells you whether you're left or right brained has come up (I wondered myself how legitimate of a brain test this could actually be), and a post right here on greengabbro.net offers a reasonable and well-written explanation as to why it likely does not, in fact, tell you much of anything about your personality or brain. There's also some links to some interesting auditory "illusions" that I found quite interesting. But still, regardless of the braininess of the image, please enjoy playing with the illusion below. It's true that it can be seen turning either way (it's an illusion). But it's also still very interesting that different people see it different ways on the first try, or more often than not the first several tries.


The Herald Sun, a newspaper in Australia, has a cool page up with an animated image that can tell you whether you are right- or left-brained. Here is the original page, with the details.

Look at the image below. Which way is the dancer model turning, clockwise or counterclockwise?

Most people see it turning counterclockwise, which is correlated to being left-brained. If you see it turning clockwise, you're right-brained. Can you make it change directions? for some it can be difficult to impossible. I can get it to change briefly if I really try (I see it turning counterclockwise).

Here's what they say it all means:

LEFT BRAIN FUNCTIONS
uses logic
detail oriented
facts rule
words and language
present and past
math and science
can comprehend
knowing
acknowledges
order/pattern perception
knows object name
reality based
forms strategies
practical
safe
RIGHT BRAIN FUNCTIONS
uses feeling
"big picture" oriented
imagination rules
symbols and images
present and future
philosophy & religion
can "get it" (i.e. meaning)
believes
appreciates
spatial perception
knows object function
fantasy based
presents possibilities
impetuous
risk taking

 How's it look to you? What do you think?



Add/Read: Comments [24]
Random Stuff
Thursday, 11 October 2007 10:32:39 (Pacific Standard Time, UTC-08:00)
#  Trackback

widows_home_server_logo Windows Home Server, a way-cool implementation of the operating system that lets you easily create a flexible and remotely-accessible storage point, is now available for purchase on newegg.com. The price (as of the time of this posting) is $189.99, and it's worth every penny.

What is Windows Home Server? In a few short words... Backups, share and access files, easy setup (simpler than a VCR to use) and you just add drives to grow over time. Plus there's a bunch of cool add-on's already available. If you're a Windows geek, it's based on Windows 2003 server, so adapt away!

First of all, you should read a few of the reviews on the newegg page. They accurately and effectively describe the high points (and the remarkably few lower points) of the product. And here is a marketing description of the product that hits the basics:

Windows Home Server helps you pull together and protect all your family's files in a single, central location that makes sharing easy.

Protect the things you care about
Keep all those digital memories safe for future generations with features like automatic daily backups and full system restore.

Connect with your friends and family
Share your photos, music, movies, and other files from a single, central location that everyone in your home can get to. Friends and family can see and share any files you want, whether they're in another room or another country.

Organize everything all in one place
This smart hub helps your family organize all your shared files in one place. Windows Home Server cuts down on clutter and brings order to digital chaos.

Grow into the future
You can add more space easily whenever you need it, so no more hard choices about what to keep and what to delete. And new products and services will be added as Windows Home Server keeps growing and getting better.



Add/Read: Comments [6]
Tech
Thursday, 11 October 2007 06:20:19 (Pacific Standard Time, UTC-08:00)
#  Trackback

Jason Cross hits the nail on the head. It's not the hardware, it's not the software, it's not even the company. It's something else completely.

Bad apples (pun intended) can truly spoil the barrel.

I have to say, based on my own experiences and as a Mac user since the very first one came out (yes, that one) when I was a kid, I agree with Jason's points. Well-said and fairly-put.

Now you go read it. Someone needs to say these things, and Jason did. Good for him.



Add/Read: Comments [3]
Random Stuff | Tech | Things that Suck
Thursday, 11 October 2007 05:56:25 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Tuesday, 09 October 2007

master_chief2 Attention all Portland, Oregon and Vancouver, Washington area peoples:

Drop everything, sign up right now (see details below), and meet me to play HALO 3 on two 50-foot ultra-hi-def video movie screens this Thursday (October 11th) at 7:00 p.m. just across from the Portland Airport in Vancouver at Cinetopia. Why? Because it will be the ULTIMATE Halo 3 event.

And you're guaranteed a win, because I will be there. Bonus. Heh.

YOU GET TO PLAY HALO 3 on two 50-foot ultra-hi-def video movie screens (like double 1080p resolution, beautifully up-scaled by some super-fancy equipment to make for an awesome image) and an awesome theater setting, reserved just for us - and the proceeds benefit the fight against diabetes. What more can you ask for?

Your donation of $25 (or more) at the door or will go straight to the America Diabetes Association. You can also pre-donate online and bring your printed donation receipt to the door. There's room for 120 people, so register today to save your seat(s)!

Click to donate!ALSO -- The first 10 people who let me know (in the comments and/or via email) that they have signed up (details of which are below) because they read it here - and then show up to play - will have their $25 donation matched by me. So let's make this happen! It's for a great cause and will be tons of fun.

And blog about this on your own site if you have one. Spread the word!

You need to sign up ahead of time so seats can be counted - so please do it now!

Here are the details:

  • When:  Thursday evening, October 11th, 7:00-Midnight (and yes, you can leave earlier if you want or have to, it's not Hotel California or anything)
  • Where:  Cinetopia - here's a map and their web site
  • Who:  Due to the content and whatnot, 18 and older, please
  • Register for this event at http://iammasterchief.com/ with the RSVP code "FIGHTDIABETES" (and just ignore the fact that the date there is wrong, and you won't get an email confirmation - if you see the PDX event after signing up, you're good to go)
  • You can donate online and bring your web receipt, or donate at the door (but either way, please sign up at the link above)

You can also read more about this event on Rich and Scott's blogs. Proceeds benefit the American Diabetes Association (and Scott explains that quite well).

Business sponsors of the event include: Aivea, Robert Half Technology, Microsoft, the Portland Area .NET Users Group (PADNUG), the Software Association of Oregon, of course Cinetopia and others. A special thank-you goes out to all of them!



Add/Read: Comments [25]
Geek Out | Helping Others | Random Stuff | Tech
Tuesday, 09 October 2007 09:30:43 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Tuesday, 02 October 2007

I have realized more and more that the time I'm taking off from working right now is time I need to spend doing the sort of things I can't realistically do while employed full-time. For example, I'm actually considering taking the time (and the expense) to get my private pilot's license. We'll see. That may be a bit of a stretch (and the rainy season is coming). But every time I see Jeremy Zawodny post about airplanes and flying, I get excited about it again. Darn you Jeremy!

Broc Driver I've always wondered what it would be like to travel the highways in a big truck. I'm writing this from northern California because I am on the road this week with my friend Broc (he's the goofball in the picture). He drives a 18-wheeler for his family's moving company. We left Portland on Tuesday and we're driving someone's household items to Modesto, California. Then we turn around with a different trailer and load and head back home by the end of the week.

I'm not sure exactly what it is about traveling from here to northern California in a semi truck that interests me this much. Seriously, we could be going anywhere and it would be an adventure for me just traveling over the road in the semi for the first time. Add to that the fact that I have never made the trek from Portland to California on the ground (it's always been by air) and it certainly makes for something to look forward to. In fact, I have never driven further south in Oregon than Eugene before today. Considering I've lived here for pushing nine years, that's kind of sad. And the chance to hang out with a friend for a few days is pretty darn cool, so I'm glad he asked.

It was a great drive today - nice scenery. Mt. Shasta is incredible and huge. It was amazing to be able to see it off and on for such a long time as we approached it and drove past. The peak is at more the 14,000 feet and much of the surrounding area sits down around 3,000 feet more or less, so you can imagine how it stands out. Shasta Lake is very, very low right now. Like maybe even 100 feet low, it's crazy. But it looks like a great place to bring the boat for an extended trip next year. It's on the list.

What would you do if you had unlimited flexible time? I'm always open to new ideas. :)



Add/Read: Comments [2]
Personal Stories | Random Stuff
Tuesday, 02 October 2007 20:04:12 (Pacific Standard Time, UTC-08:00)
#  Trackback

I've worked in the financial services software industry for years. For the last couple years I ran the security division of a major online-banking software and services provider. Security is paramount in that market. The responsibility that goes along with the role is huge, but it's a responsibility that's shared by everyone involved. Taking security seriously can't be something that happens after the work is done, and it can't just happen at some milestone point in a project. It needs to be an ingrained principle, part of the way things are done from beginning to end.

Threat modeling, loosely-described, is a design process by which you examine your software application design through the eyes of the bad guys, in order to determine what your design needs to take into consideration and how it should be built to protect against malicious threats. From the design phase you take your documented threat model into development and use it as a living document throughout the development lifecycle. Or at least that's how we did it.

Larry Osterman, who's worked at Microsoft pretty much forever, is a pro when it comes to threat modeling and secure coding. I haven't ever met Larry, but I've read his thoughts on the topic and they're solid. He's written before a couple times about this, and more recently (over the past month) he wrote and posted a series of excellent articles on his blog about threat modeling at Microsoft in the Windows division. If you're into this sort of thing, as I am, it's also very interesting to look back at his articles from the earlier years and to compare how they do things today. They've matured quite a bit.

I'll leave the narrative and examples to Larry, but let me add this by way of punctuation: Threat modeling takes some time and effort, but understand that security is a critical component of quality. Reputations (and therefore businesses) depend on it. It takes a very intentional process to properly understand the landscape and to look at all the threats and vectors of attack. It's not easy for people to shift gears. Most developers spend all their time thinking in terms of getting software to function according to customer requirements. Just as important is making sure it won't do what the bad guys want it to do. So, if you're ready to argue that you don't have time to do threat modeling, I have a solid argument (several of them really, which are backed up by real-world proof) that you can't afford not to. Threat modeling is risk management for the software industry.

And then there's the very-real side benefit of threat modeling. When your designers and developers sit down before building the product and really start to think about all aspects of quality in a formal, documented manner, you don't just get security improvements. They'll be seeing and thinking about general product improvements that you just won't get otherwise. I can't tell you how many times someone has come to me during a threat modeling process with a look of glee in their eyes, excited to tell me "hey this threat modeling stuff is pretty cool, and we even came up with some other stuff that isn't strictly security-related but will make it a much better product. I'm glad we did this."

The rule of the game is strategic thought, proper defense, quality first, and better software done faster that costs less. And it can happen if you let it.

If you're a software developer, tester or product manger and you don't know what threat modeling is and how it works, you're missing out on something that really should be required in this day and age. So here is what you should do:

  1. Read Larry's articles, they're quite good.
  2. Buy three books (you'll notice Michael Howard is an author on them all):
  3. Be a leader and implement what you learn.


Add/Read: Comments [1]
IT Security | Tech
Tuesday, 02 October 2007 19:17:50 (Pacific Standard Time, UTC-08:00)
#  Trackback
 Monday, 01 October 2007

Update: Engadget has the details of the formal release today.

Looks like this Tuesday in Redmond will be Zune 2 day. I've been curious what they'll come up with for the next-generation device. I don't own one yet. Several friends of mine do. It's a nice device which (for me) has a couple imposed limitations that make it not as useful for me.

Rumors floating around about Zune 2 include a flash-based memory design (instead of hard drives), thinner case and WiFi integration (but we'll see if it's the classic Zune hobbled WiFi or something more useful). Also, word is there will be a new community site for Zune users announced.

For my part, I hope there's some revolution in the announcement, not just evolutionary changes. That might catch my wallet's interest.

via BetaNews



Add/Read: Comments [2]
Tech
Monday, 01 October 2007 10:36:21 (Pacific Standard Time, UTC-08:00)
#  Trackback