I'm looking forward to meeting/greeting/schmoozing even more than I'm looking forward to the seminars and labs.  Over the past few years I've built an admiration for a lot of bloggers in the .NET community, and I imagine hanging out with them will be as educational as Tech·Ed itself.

Hopefully I'll see you there!

A few years ago, when Xbox Live was first released, I wanted to pick out out a rather unique gamertag that I could also use as my online alias around the web.  As I am a Freemason, I wanted to pick something that was vaguely related to Freemasonry.    Given the legends around the relationship between the Knights Templar and the Freemasons, I thought something Templar-related would be good.  The moniker I chose was Bloody Templar, the etymology being:

• Bloody:  having or covered with or accompanied by blood; "a bloody nose"; "your scarf is all bloody"; "the effects will be violent and probably bloody"; "a bloody fight"
• Templar:  Knight Templar; a knight of a religious military order established in 1118 to protect pilgrims and the Holy Sepulcher

So "Bloody Templar" means a Knight Templar covered in blood.  It's a reference to October 13, 1307, the day when King Phillip IV of France ordered the arrest and torture of the Knights Templar (certainly a "bloody" day, in my book). 

So, there you have it, the origin of my gamertag and online alias, rooted in history, and tied to my interests.  How clever, right?

Unfortunately, what I envisioned as a somewhat cool and pithy gamertag apparently doesn't make sense to a lot of the intellectually challenged gamers that you run into on Xbox Live.  I can't tell you how many times this has happened:

[Bloody Templar enters an online game.]

RandomIdiot420:  What?  Bloody Tampon???

Bloody Templar:  How original.  Did you think that up all on your own?

RandomIdiot420:  Whatever, dude.  Your name is ghey*.

[Bloody Templar mutes RandomIdiot420 and submits negative feedback.]

*sigh*

(*Editor's note:  I use the 1337 word "ghey" because I'm not a big fan of using the word "gay" as an insult.  RandomIdiot420 is not only stupid, he's also a bigot.)

Our information security manager recently asked me and a few other resources via email if we could do something programmatically to prevent phishers from using our corporate logo.  One person suggested using JavaScript and/or CSS to trap right-clicks or obfuscate images behind transparent layers.  Unfortunately, all of the mechanisms he mentioned rely on client-side browsers to enforce our bag of tricks, and the average phisher is probably too smart for that.  Whereas IE is effectively blocked from right-clicking via JavaScript, Firefox easily defeats that trick (Click Tools > Page Info.  Go to the media tab.  Voila!  Save whatever image you want).  Even easier for the Linux-based phisher, as he can just use wget to pull down whatever images he wants.

A lot of banks have implemented two-factor and two-way authentications schemes (one of the earliest being Bank of America).  A little known insider's fact:  That's actually due to a regulatory requirement.  If your bank isn't doing it yet, trust me, they will.  So will implementing these schemes across all these banks actually help solve the phishing problem?  Probably, for a year or two.  Then all of your phishing attacks will rely on man-in-the-middle attacks to get around these two-way and two-factor authentication schemes.  Bruce Schneier predicted it, and it’s already been proven and is likely in the wild.  See:

• http://paranoia.dubfire.net/2007/04/deceit-augmented-man-in-middle-attack.html
• http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html
• http://www.cr-labs.com/publications/index.html
• http://www.gpayments.com/pdfs/Bank%20of%20America%20-%20A%20Perfect%20Target.pdf

My take:  Schemes like SiteKey (BoA's trademarked implementation based on a software package available from RSA) are useful for the time being, but in the long run, provide little in the way of valuable protection.  Unfortunately, many people view it as a panacea and have created a false sense of security around the whole two-factor and two-way authentication scheme.  Banks should not rely too heavily on implementations of two-factor and two-way authentication to ensure customer security.  Instead, I think banks need to step up customer education across all lines of business.  This includes campaigns to help the customer understand:

• Why you should never click on a link in an email
• What to look for in your browser to ensure a SSL connection directly to your domain
• How to use modern browsers’ built-in anti-phishing tools

Personally, I envision all of the above as being part of a strategy to increase corporate transparency.  There have been a lot of so-called corporate blogging sites launched lately, that help to foster a sense that corporations are listening to their customers and are genuinely interested in making them happy and soliciting their feedback.  Some great examples:

• Microsoft
• Dell
• Google
• Amazon
• Intel
• The World Bank

If you look at these, particularly in the conversations created in the comments, it becomes obvious that this is a great way to educate customers, get customer feedback, and make customers feel more empowered as partners.  Wouldn’t it be great if more corporations had a mechanism for this?

Of course, no one in our marketing department has asked me…  I’m eagerly awaiting their call…

(Reiterated disclaimer:  This ain't Commerce Bank's opinion, this is wholly mine.  See the legalese on the right, please...)

I'm really looking forward to Tech·Ed, not just for the seminars but also for the networking opportunities.

 One of these networking opportunities I'm really beginning to look forward to is the Party with Palermo on the 3rd.  I've been told it's a must-attend event. 

Unfortunately, it appears that my favorite .NET speaker, Scott Hanselman, isn't going to be able to make it to either the party or even any of the Tech·Ed conference.  I'm very sorry to hear that, but on the upside, it means I'll get the opportunity to hear some other speakers that may be new to me.

As anybody who works with me will tell you, I'm a big fan of Corillian.  Our online banking system at Commerce is built on their platform, and much of my life revolves around that platform and its accompanying development tools.  I'm especially a fan of Corillian's Chief Software Architect, Scott Hanselman, but at a recent conference I got to chat with another highly-respected architect at Corillian, Patrick Cauldwell.

Patrick has been working on a project using a security architecture called AzMan.  When he recently had difficulty navigating a technical hurdle, I made a suggestion that Patrick ultimately used as a basis for resolving the issue.

I couldn't be happier that, in some small way, I got to influence the design of a product that I will likely be using every day.  How often does one get to say that?

Thank you for giving me that opportunity, Patrick!

A coworker sent me a link from lifehack.org talking about the possible obsolescence of the hard drive and software.

Personally, that school of thought was what made me finally settle on Gmail, Google Reader, Google Personalized Homepage, and Google Calendar.  I haven’t yet made the leap to Google Docs & Spreadsheets (and, if rumors are to be believed, Presently).  Reason being, the only time I use a word processor at home is when I’m writing a snail-mail letter, usually to complain about something.  While Google Docs has an “export to PDF” feature that provides an otherwise decent printable copy, they don’t (yet) give you any customization options on the print format (portrait v. landscape, margins, etc.).  If Google Docs would give me that, my home office software suite would be completely online.  Until then, I’ll keep using OpenOffice.org.

And where's my online version of Quicken or MS Money?  I like my personal finance manager, but I have yet to see a compelling online replacement.  Sure, there's Mvelopes, but I tried it and didn't like it.  Get me a good online PFM that integrates with all the OFX-based data sources Quicken can, and offers integrated online bill-pay with balance forecasting, and I'm there.  Charge me $5 a month if you want.  I'll pay it.

Even if I were to move all of my day-to-day tasks online, I'd still never be able to call the hard drive obsolete.  I've got way too much digital music, video, and photos that I'm not willing to share with the world, nor am I willing to wait for it to upload/download in huge chunks.  No, I'll keep buying more and more storage for these things, and I'll keep paying Mozy $5 a month to back them up.  Digital media will continue to drive me to buy more storage, even in a world where you could, at least theoretically, offload it online somewhere.

Then there are development tools.  If you're a .NET developer, you're pretty well tied in to Visual Studio, or perhaps SharpDevelop.  I don't see either of these tools going web-based anytime soon.

So I can't move my whole life online, but can I at least carry a large part of it with me?  Lately, I’ve been toying a lot with the notion of carrying my life on a USB drive.  Of course, the obvious solution is the PortableApps suite, but that doesn't get me anything the Google App suite doesn't already.  MojoPac (a virtual desktop that leverages the host Windows OS as its own OS) sounds closer to ideal, but there are application compatibility concerns.  Can I be sure it'll work with all my apps?  So far, the most appealing option is to get a big-ass USB drive and build a VHD with everything I need, and then run the VHD in Virtual PC on whatever system I'm using.  The downside to that, assuming the owner of the PC will let me install Virtual PC, is performance, although it's less of an issue these days thanks to Moore's Law.

But then again, when I've got Remote Desktop Connection, does it really matter?

(Side note: Scott Hanselman did a podcast with Gina Trapani of LifeHacker.com a few months ago.  If you dig life hacking, it's worth a listen!)

I couldn't resist sharing this, even if it does make me a bigger nerd at work than I already am...

Star Trek vs. Star Wars

Hey, Jeff Atwood latched onto the same metaphor I did - Cockburn's "rock climbing" metaphor.

I really love this metaphor for all the same reasons as Jeff.  What I'm trying to figure out is if "programming as a game" - e.g., Cockburn's "Crystal" approach, can fit within a pre-existing methodolgy.

Here at Commerce, the overall online banking team, that is, QA, development, and project management, already use a methodology based very loosely on Scrum.  I can't expect QA and project management to embrace anything new, especially since so much work has gone into acceptance of the current methodology.  But can the developers adopt this new methodology and integrate it into the existing one?

I've sometimes marveled at how different the code I write today looks when compared to the code I wrote just a few years ago.  Apparently I'm not alone - Scott Hanselman just posted about rescuing his C#-based TinyOS from the doom of GotDotNet, commenting that he was "shocked and offended" with himself after review the code a few years later.  Man, I know that feeling.  Here's the comment I posted to Scott:

Hey Scott, nice new theme! I apparently missed the rollout of it since I usually read everything via my feed reader.

I have to take the bait on your comment about telling you how our five year old code looks. Five years ago, I would have been at Commerce Bank for a little over a year, and hoo-boy, did I write some embarrassingly bad classic ASP and VB in that era. Those first couple years at Commerce were a crash course for me in a lot of things - web technology, pseudo-OOP (realizing that we're talking about VB 6), COM, enterprise development, etc. Five years later, I can say with confidence that this code is amazingly bad; Especially anything where I tried to use XML for no reason other than because it's what the cool kids were doing at the time. Any of the code I wrote in that timeframe should be treated as hazardous material and properly disposed of. Thankfully, the programmers who maintain that application today have long since replaced most of my offending code - except the nifty little VB app I wrote to bridge our contact center softphones to our ASP-based web app via DDE.

Prior to coming to Commerce, my start was as a subcontractor for an independent consultant who had a thing for XBase languages. When I started as his apprentice at the age of 12, it was Clipper. Then FoxPro 2.6 for Windows. Then Visual FoxPro 3.0, 5.0, and, by the time I graduated from college and went to work for him full time, Visual FoxPro 6.0. If I were to look around my home office today, I could probably find some code left over from that bygone era, but that begs the question: Why on Earth would I want to? :)

This is old news to a lot of people, but it's a useful tidbit that I'm sure a lot of people could use.

If you're trying to install a Firefox extension and Firefox tells you that it can't install the extension because your version of Firefox doesn't support it, there's a possibility it'll still work.  You just need to trick Firefox into thinking it's compatible.  Note:  You try this at your own risk.  If you hose Firefox, your computer, and/or your relationship with your significant other, I don't want to hear about it.

Save the extension's .xpi file to your local machine (right-click and "save link as...").  Rename the file with a .zip extension.  Open the zip file and extract install.rdf.  Open it in your text/xml editor of choice.  Look for the tags em:minVersion and em:maxVersion and edit as appropriate for your version of Firefox.  Save install.rdf and add it back to the zip file, replacing the original.  Rename the zip file to its original filename with the .xpi extension.  In Firefox, click "File|Open File..." and open the .xpi file.  It should install now.

If the extension installed but doesn't work, it probably genuinely isn't compatible.  Uninstall the extension.

I've had cases where Firefox complained about being unable to install the extension because of an invalid signature.  If this occurs, delete the META-INF folder from the zip file.  That folder is what contains the signature information.

Good luck!

Somehow, I've failed to add Jeff Atwood to my blogroll before today.  That seems odd to me, since I'm a huge Scott Hanselman fan, and Scott gives mad props to Jeff all the time, jokingly referring to him as his Nemesis.  (Side note:  I don't know that Nemesis is the mythological character I would choose, Scott.  I think him being Pollux to your Castor is more appropriate, but I digress...)

So I added Jeff to my blogroll today, and the very first post to come across my reader is a discussion on Alistair Cockburn's "Software Development as a Cooperative Game" presentation.  This is not light reading, but it is fascinating.

The basic premise is that software development can be viewed as an ongoing, cooperative game, not unlike rock climbing.  Other than the obvious implications of making your work more meaningful than "I do this to get paid," I think this model provides a lot of value, not just in making your own career more rewarding, but also in building a team that can trust each other and build on each others' strengths and weaknesses.

As we've worked to build our online banking development team at Commerce, we've struggled a bit with team dynamics.  Basically, what it comes down to is, as I assert my role as a technical lead, I sometimes have a tendency to be an impatient condescending jerk.  Having identified that as my weakness, and applying the "rock climbing" metaphor, it should be easier for me to understand and curb that behavior.  We can't all climb rock walls at the same speed, or using the same tools, or over the same paths.  Condescending to someone isn't going to help them traverse the wall any quicker;  It's just going to make them want to throw me off the cliff.

I decided to go ahead and purchase my own domain name.  Welcome to CamTheGeek.com!