Privacy in the 21st Century

I received the following from my boss today.

FYI - this is a very interesting view from Nokia on the future of mobile based computing/communications.

http://blogs.techrepublic.com.com/itdojo/?p=496

It shows some cool ideas for the future of mobile technology from Nokia. As noted by my co-worker Chris, they failed to mention the privacy implications of their vision. Here's a tongue in cheek scenario from Chris that points out some issues.

~~~~~~ future Chris scenario ~~~~~~~~

Chris: Hello
Liz: Hi. Are you almost home?
Chris: yep, just picking up some milk
Liz: I show you at Hallmark. Are you just now buying our 50^th anniversary card?
Chris: *gulp* nope, got that weeks ago, I just am having a senior moment. Sec
Heard in the background: "You guys carry milk?" "No. Try the grocery store next door"
Chris: guess I will be a few more minutes, went to the wrong place.
Liz: I am totally "buying" that story.

~~~~~~ fade back to the present ~~~~~~

Coincidentally I was just talking with a friend that works for AT&T last night who said he as an AT&T issued Blackberry and AT&T has technology that maps where their employees are. They use the GPS in the phone and can even turn on the camera remotely and use that in determining where you are.

Social interaction technology is everywhere. MySpace, Facebook and Twitter are becoming part of everyday life. The President of the United States is even doing it.

How willing are we to give up privacy in order to improve social interaction?

Visual Studio Taking an Idea From Eclipse?

Microsoft is now pushing Visual Studio as a full-featured tools platform, with benefits similar to those provided by Eclipse. Looking at the main landing page for Visual Studio 2008 you'll see a very prominent reference to the upcoming Visual Studio 2008 Shell:

Use Visual Studio 2008 Shell as the core foundation for your own software development tools.

Microsoft has always made Visual Studio extensible so 3rd parties can build add-ons and extensions to the IDE that can give developers capabilities that are missing from the the tool set included out of the box. But, it seems like the focus has been more on getting third parties to extend the functionality of Visual Studio than to provide a platform for tools development.

The Eclipse project has similar cababilities for extending existing tools based on Eclipse, but their focus is on providing a rich platform for all tools developers. As a result, the Eclipse platform is widely used for a wide array of non-Microsoft tools.

Cudos to Microsoft. Time will tell how this affects the tools landscape.

Don't Run Production ASP.NET Applications with debug="true" Enabled

You shouldn’t publish applications compiled with debug=”true” to production. This setting is useful during development, since when you do this the compiler generates extra debugging information to assist in debugging (i.e. debug symbols). As part of this extra stuff, the compiler generates .pdb files that contain references to the source files and line numbers. Some people might not realize that these are generated on the machine where the compile takes place, so these references will be to the files on your local machine.

Showing this information in a production application is definitely a bad idea for security reasons. But, this is not the only issue. I’m including a link to an article that explains why it's a bad idea to leave this on when publishing to production. It’s probably ok to leave this on when publishing to your dev/test servers, but the article also discusses how you can compile with debug=”false” and still get the debugging symbols to assist with debugging. That is probably the better option for dev/test.

Here is an excerpt from the article:

One of the things you want to avoid when deploying an ASP.NET application into production is to accidentally (or deliberately) leave the switch on within the application’s web.config file.

Doing so causes a number of non-optimal things to happen including:

The full article is here:
Don’t run production ASP.NET Applications with debug=”true” enabled

Security Education vs. Security Training

An excellent article from Microsoft discussing pros/cons of Security Education (i.e. university curriculum) vs. Security Training (i.e. job-specific skill training) and how both are necessary.

Here is an excerpt from the article:

There has been a lot of hoopla lately around "secure programming skills" – with not-so-thinly veiled condemnations of academicians and the role of the university in addressing the IT security problem...


The full article is here:
Security Education v. Security Training

Visual Studio 2005 Web Projects - Why are they so different from Visual Studio 2003?

Visual Studio 2005 has a new way of handling web projects that is quite a bit different from how it was done in Visual Studio .NET 2003. For the initial release of VS 2005 this new "Web Site" project type replaces what was in VS 2003.

Here is a link to an article describing the new "web site" project, why they did it, the benefits, etc.
VS 2005 Web Project System: What is it and why did we do it?

Based on feedback related to the new paradigm, Microsoft is adding a new "Web Application" project type which works much closer to the way things worked in VS 2003. For now it is available as a preview, but it will eventually be released as an add-on to VS 2005 and will later become part of VS 2005 when SP1 is released.

Here is the main site with information on this new feature:
Visual Studio 2005 Web Application Project Preview

And here some articles about this new project type:
New Web Project Model Option Coming for VS 2005

Coming Soon: VS 2005 Web Application Project and VS 2005 Web Deployment Project Updates

Second release of the VS 2005 Web Application Project Preview now available

Contract-First - How do I do it with today's IDE's?

I am a huge proponent of doing “contract-first” (sometimes called “WSDL-first” or “schema-first”) development of web services. When creating web services as part of a Service Oriented Architecture (SOA), you want to design service oriented interfaces (SOIs) where information is passed to and from your service interface using XML documents. The definition of these SOIs is a contract defined by XML schemas and WSDL. This contract is your public interface to the outside world.

The idea of contract-first design is that instead of creating your implementation classes and then creating WSDL to expose the classes as web services (code-first), you create the WSDL and schemas first and then create the implementation classes to match the defined contract (contract-first). This is the best way to ensure interoperability and decoupling from service implementations.

The current IDE’s tend to provide good support of contract-first development for clients consuming web services. You point them to a WSDL and they create appropriate code (java or .NET) to consume the web service. Unfortunately, when it comes to creating web services that will be consumed by others, these same tools seem to assume that you have an existing implementation that you want to expose as a web service. It’s not that contract-first is not supported for exposing web services, it’s just that it’s not supported as seamlessly as code-first. I’m including some links to articles that cover following the contract-first approach using existing tools. The articles I’m including are mostly from a .NET perspective, but if you google “contract first” you can find a lot of people talking about this topic on both the .NET and java platforms.

Here is an article from Microsoft describing doing “Contract First” web service development with Visual Studio .NET and Eclipse:
Contract First Web Services Interoperability between Microsoft .NET and IBM WebSphere

Here is another article from MSDN magazine:
Contract-First Service Development

Here is an article from MSDN magazine that talks about enhancements in Visual Studio 2005 that help to support this type of development:
Developing .NET Web Services with Beta 2

Finally, here is a link to Microsoft’s main web services interop web site:
Web Services Developer Center: Web Services Interoperability

I don't want to end without mentioning Aaron Skonnard, who's the author of some of these articles and one of the biggest proponents of getting better tool support for contract-first development.

Pope John Paul II Buried Today

Pope John Paul II was buried today. I recorded his funeral, which aired at 4:00 am here, but I haven't had a chance to watch it, yet. I sang for a diocesan requiem mass for the Pope this afternoon at St. James Cathedral. It was very moving.

Our choir sang for the Pope at the Vatican back in 1993 and it was a life changing event. We got to have our picture taken with him and at that time it was apparent that he was no ordinary man. You could feel his holiness. My wife's comment today pretty much sums it up: "he was a saint walking among us".

Saint Pope John Paul II the Great, thank you for your inspiration. You will be sorely missed.