21 December 2006

Open Source vs. Microsoft

The success of the .Net platform has coincided with the rise of open source development, and spawned quite the variety of open source .Net tools. Microsoft, however, has decided not just to not embrace this (Codeplex aside), but to contribute to the death of these tools. And hey -- this post is not about Linux!

We have NUnit, and now Visual Studio Team System includes Team System Test, in many ways inferior. Integration of NUnit into the VSTS development environment via Test Driven .Net, along with NCover made a powerful unit testing toolkit.

We have NAnt and Cruise Control and Draco for build management and continuous integration. VSTS now has MS Build which is, again, not quite there.

We had NDoc, which has now been abandoned by the original developer because of the upcoming Sandcastle.

I'm not sure where the advantage is for Microsoft. The open source .Net community is thriving and has created a rabid group of developers that loves .Net. That's a group that is going to support Microsoft and not run away to use Linux, Apache, Java, LAMP, Ruby or other very capable and competing platforms. Had Microsoft included the full capabilities of these open source projects in its own tool set early on, everyone would have been happy. But now, the appearance is that the company wants to kill these things. There are so many options they could have pursued to integrate these tools by being inclusive and fostering goodwill toward the community... damn, I sound like a pansy... and to top it off, they haven't even done the analogous tools as well as the open source versions. Not only is the message clear ("we'll do it and you'll like it") but this creates a chilling effect on future open source projects.

It seems that many big companies sometimes just have their proverbial heads up their butts. When I see what Microsoft now offers (which is fantastic, no doubt) and consider the alternatives (Ubuntu, Java, Ruby on Rails, MySQL, on and on...), I'm not feeling so insecure about not choosing Microsoft for every project. The argument can no longer be confidently made about Microsoft, that "you know their tools are going to be the standard." That Microsoft has been in the cross hairs of many a competitor and come out on top nearly every time is, like the investment mavens say, "no guarantee of future performance."

14 December 2006

Lorem Ipsum

Lorem ipsum generator and brief history. I always wondered, now I know.

13 December 2006

More Podcasts

TWIT has some very good podcasts. Leo Laporte's KFI program (soon to be called something else, I think, because he is leaving the radio station on which the podcast is based) showcases his knowledge about almost everything tech. He fields calls from the confused masses on topics ranging from HDTV to Linux, Mac and Windows. Steve Gibson's Security Now (hosted by Leo) is extremely interesting. Steve is the man behind SpinRite and his website is a good source of utilities and security information. The production quality on TWIT is top notch. Leo has that classic deep radio tenor, this marriage of radio and podcast works well.

08 December 2006

Encrypt your Thumb Drive

TrueCrypt is a great, open source, free encryption tool for thumb drives. I have been using this for several months now on my 2gb thumb drive, using AES encryption, and it has been working flawlessly. I created mount.bat and unmount.bat batch files to hook it up and take it down. I couldn't get autorun.inf to do this automatically when I connect the drive on Windows XP, maybe I will come back to that when I have time. Highly recommended.

Some good links for how to set it up and configure a mountable thumb drive:
http://glosoli.blogspot.com/2005/09/encrypted-thumb-drive-and-autoplay.html

http://lifehacker.com/software/portable-applications/hack-attack-quicklaunch-your-usb-workspace-182792.php

Microsoft IE, Proxies and Sandboxing

I switched from using Internet Explorer to Firefox about a year and a half ago, with no regrets. The only downside has been using sites that require ActiveX controls, such as Windows Update, Sharepoint intranet administration and sites that distribute software using Microsoft .Net "click-once" deployment. And damn these sites for forcing me to use IE! The reason to avoid IE (widely known) is poor security. Despite this, I know people who are still using it and think nothing of it. It makes increasing sense that open source solutions such as Firefox help with security. The source code is reviewed widely by people both inside and outside the organization, and vulnerabilities are identified and corrected regularly as a result.

Since I made the switch, my anti-spyware has shown a remarkable drop in my acquisition of spyware/malware while surfing. In fact, the only things I regularly see are the odd tracking cookie. Between good habits like not opening email attachments, setting mail readers (Windows-based and web-based) to not display graphics in HTML email, running a software as well as a hardware firewall, keeping my systems updated and fully patched and running anti-virus software (AVG free edition currently), I have happily avoided infection. And not just obvious infection, but any infection. People who may not know this should be aware that increasingly, malware can run without obvious symptoms while intercepting information you are entering in various places.

You can further lessen your exposure to bad things by installing your own proxy server, such as Proxomitron, which is installed and configured on your machine. By piping all web requests through this local HTTP filtering program and configuring it in various ways, you have another useful means of blocking bad content. The details of this would require an entire article, but their website is a good place to start.

And speaking of proxy servers, IE has or had (it may have been patched) another issue with using the auto-detect proxy settings option. Steve Gibson described this on a recent TWIT security podcast. Even without the vulnerability, you want to uncheck this option to avoid the performance hit it causes.

The other issue that concerns me is web surfing on machines that other people have access to. I would like to be able to buy something online and do things like log into my work email without leaving cached information on the machine's browser. The solution may be sandboxing, which Steve Gibson also recently discussed. Using a tool like Sandboxie, you can avoid leaving typical artifacts of browsing on the machine you're using. Sandboxie basically creates a virtual sandbox in which it runs any application (such as IE), and all caching is done in the sandbox. When you're finished, these files are deleted when the sandbox is shut down. That is brilliant.