I'm very hopeful that Silverlight will achieve the market penetration of Flash.  Silverlight has so much going for it, like the DLR, the mini-CLR, XAML-based development, and so much more.  And like I said in an earlier post, it's a great example of people in Microsoft getting it, what with the multi-platform support.

The only thing that worried me about Silverlight was the lack of Linux support.  Like it or not, Linux is becoming a viable desktop platform, so it's important that Silverlight have some kind of Linux implementation.  I had heard somewhere that Miguel de Icaza had stated that he was going to have a Mono-based implementation of Silverlight ready by the end of 2007, but I didn't know if that was a reasonable estimate.

Somehow, I think I underestimated the Mono team.  Miguel and his band of crazy coders hammered out a more-or-less functional implementation of Silverlight, called Moonlight, in 21 days.  Holy freakin' cow, that's cool.

I'd also like to point out that Miguel mentions receiving guidance from Scott Guthrie and others in Microsoft.  I'm floored by this.  They're apparently that interested in making it succeed.

There's been a lot of chatter lately about the so-called Alpha Geek, and his perceived exodus away from .NET.  This strikes home for me, because I'm an Alpha Geek who is madly in love with .NET as a platform.  I see and understand some of the new "in" languages and platforms for Alpha Geeks (particularly Ruby and Ruby on Rails), but really, I'm just not all that interested right at the moment.  Scott Hanselman talks about the beauty of Ruby, but I see just as much poetic beauty in well-written C#.  And when you consider the great things coming out of Microsoft lately, like WPF, WF, WCF, etc., and the great things coming soon (Orcas, Silverlight, Acropolis, LINQ), .NET is such a compelling platform.

But this whole TestDriven.NET thing has got me concerned.  For the unfamiliar, a major contributor in the open source community is getting leaned on hard by Microsoft for a perceived violation of the Visual C# Express EULA.  Basically, he made an add-in that supports all versions of Visual Studio, including the Express SKUs.  And Microsoft's lawyers claim that distributing add-ins for the Express SKUs is a no-no. 

This is already creating a significant chilling effect throughout the community, and is undoubtedly going to push a lot of people away from .NET too.  It's a shame, too, because the development tools teams in Microsoft clearly get who their strongest supporters are.  Look at all the great ways Microsoft has engaged the developer community:  Codeplex, Channel 9, shared source projects like the ASP.NET Ajax Control Toolkit, supporting Silverlight on multiple platforms, and more to come.  They know that when the Alpha Geek feels engaged and empowered, he will evangelize the platform for them.  But the lawyers don't get that;  And to be completely fair, Microsoft's legal department can't be selective about EULA enforcement, or they lose much of their power in cases of genuine EULA violations. 

It sucks for everyone.  It sucks for the people in Microsoft who are watching their good will in the developer community get pissed away by the soulless lawyers, it sucks for open source developers like Rob Conery and Jamie Cansdale, but most of all, it sucks for the Alpha Geek who can do nothing but stand by and watch the train wreck unfold. 

I stole this from Alan Stevens, but it's fun and surprisingly true.  Here are the results of my Programmer Personality Test...

DHSB

You're a Doer.
You are very quick at getting tasks done. You believe the outcome is the most important part of a task and the faster you can reach that outcome the better. After all, time is money.

You like coding at a High level.
The world is made up of objects and components, you should create your programs in the same way.

You work best in a Solo situation.
The best way to program is by yourself. There's no communication problems, you know every part of the code allowing you to write the best programs possible.

You are a liBeral programmer.
Programming is a complex task and you should use white space and comments as freely as possible to help simplify the task. We're not writing on paper anymore so we can take up as much room as we need.

As much fun as it was, it's very good to be home.  My kids were both happy to see me, and the wife didn't complain too much.  Now that I've had some time to reflect on what I learned at Tech·Ed, I need to get my conclusions down before I lose track of them all.

Certification:  A lot of people don't put a lot of weight in certifications, citing examples of "paper" MCSD's (I've known a few myself).  That said, I'm really proud I got my MCSD at Tech·Ed this year.  I've wanted my MCSD since I was 13 years old, but I never made it a priority.  I had time and opportunity at Tech·Ed this year, so I took advantage of it.   My goal for next year is to complete the two upgrade exams to get my MCPD in Enterprise Applications.

Technology:  Admittedly, I saw fewer sessions than I wanted to.  I had a hard time adjusting to east coast time (being a late riser on central time to begin with), and I ended up oversleeping every morning.  That said, I saw a few technologies that got me really excited.  Among these are Acropolis, WCF, WF, LINQ, and a few others that don't immediately spring to mind.  Due to a relatively busy workload at Commerce, I'm a little behind the times on getting to play with these things (particularly WCF, WF, and LINQ, which I already knew about, but hadn't actually seen in practice), but that also highlights some need for me to do some deep thought on my career direction.  More on that later.

Community Involvement:  On an earlier post, I mentioned that I got to meet a bunch of my personal heroes.  I have a very deep desire to emulate these people and make the level of community contribution that they have.  I want to have something valuable to say, and I want to be able to present it so that people to want to hear it.  It occurs to me, looking at other people who have done it, I need to be more active in the community.  I have a blog with maybe 10 regular readers, which is all well and good, but I'm not providing anything valuable enough to merit any serious attention.  I need to start spending some time in newsgroups, forums, and the local .NET users group, getting down in the thick of the community and participating like I know I'm capable of.

Career Direction:  The more I think about it, the more I think I've been standing still for too long.  I'm very proud of what we've done at Commerce, and it's a good company I'm happy to be a part of, but the reality is that it's primarily a J2EE shop, and I'm living (happily) in a .NET world.  When you consider that online banking is a rather narrow customer-facing interface to our broader J2EE enterprise, I really begin to wonder if I shouldn't be thinking in larger terms.  Whether those larger opportunities are within or outside of Commerce is a question that I'll have to put some thought into.  I know there are shops out there who are into the bleeding edge .NET stuff that would be awesome, but I'd be remiss if I didn't mention I went to two Birds of a Feather sessions at Tech·Ed that really got me thinking;  One was "Thriving and Surviving as an Independent Consultant," and the other was "Starting and Running your own Software Business."  The thought I keep coming back to:  If all these people could do it, why couldn't I?  Wow, I've got a lot to sort out in this category.

Friends:  I made a lot of new contacts I'm looking forward to keeping in touch with.  I certainly hope a few of them are reading this and will also keep the lines of communication open.

Fun:  I went to a session on programming games in XNA.  I totally need to do that.  And hopefully sell the games I write.  :)

Wow, I saw/did so much cool stuff today, it's hard for me to keep it all straight.

First and foremost, I ended up taking my 70-300 (Analysis and Architecture) exam early, and I passed!  I'm now a Microsoft Certified Solution Developer.  I'm rather pleased with this.  :)

I hung out with Patrick Cauldwell for an hour or so, talking about life, family, business, regional weather patterns, and food.  That guy is seriously fun to chat with, and I look forward to speaking with him again.

Speaking of dudes from Corillian, I wandered by the DevExpress booth again, where Mark Miller was again demoing the product, and I noticed Stuart Celerier hanging out.  I said, "Stuart, I know you already use CodeRush, so what are you doing here?"  His response:  "I just enjoy hearing Mark present it."  So at least I'm not the only creepy Mark Miller stalker.

Speaking of hearing Mark Miller speak, I caught two rounds of Speaker Idol today at the Virtual Tech·Ed stage.  Several of the presentations were really good, but the one that I enjoyed the most was by Steven Smith.  He demonstrated something he called micro-caching in ASP.NET.  Basically, the premise is that when you've got a data-driven page displaying real-time data, you can still use ASP.NET caching to remove the database bottleneck while still maintaining at least a semblance of real-time.  In his example, he had a page that displayed a simple bound datagrid.  He started load testing it with Application Center Test, and it had a throughput of about 150 requests per second.  Then he enabled page-level caching with a cache timeout of only 1 second, and his throughput jumped to over 600 requests per second.  That was freakin' cool. 

During my latest round of stalking Mark Miller at the DevX booth, I noticed Miguel Castro lounging around on a bean bag chair.  I learned the other day that Miguel and I have a common bond, so I started a conversation with him.  He and I actually had a lot to talk about.

Finally, I closed out the day hearing Caleb Sima give a talk on threat models impacting Ajax applications.  Most of it was pretty common knowledge to anyone who understands how Ajax works and how ASP.NET security plays into it.  The session was still great though, as Caleb is an awesome speaker with an awesome background - Pretty amazing for a dude who's only a year younger than me.

It's only the first official day at Tech·Ed, but I've already got a bunch to write about.

Yesterday, I registered, got the awesome handout backpack/laptop carrier that they give you at registration, and went to hear Ron Jacobs' pre-conference Architecture seminar (the one that was going to be co-presented by Scott Hanselman).  I enjoyed Ron's presentation immensely, though.

Then I went to the Party with Palermo.  That was a blast, and the pictures prove it. 

• Here I am in front of the Glo Lounge, hanging out with the awesome Alan Stevens of the East Tennessee .NET Users Group.  He and I were the first to show up, yet we ended up around 20th in line.  Fortunately, we were early enough to have caught an eyeful of the four very young and very naughty-looking Russian girls who tried to invite themselves to the party.  Trust me, there's no way they were Tech·Ed attendees, but Alan and I both thought they should be allowed in anyway.
• I'm in the background here chatting up Stuart Celerier of Corillian (his back is to the camera).
• Stuart and I were asked to strike a pose.

This morning I caught another of Ron Jacobs' architecture talks (a much shorter one), and I went to a lunch seminar on getting your technical book published (I don't have any plans, I was just interested in the process).  Then I looked at my schedule for the rest of the afternoon and realized that nothing really struck my fancy too much, so I went to the certification and testing area of the conference, where I took (and passed) 70-340, Implementing Security for Applications with Microsoft Visual C#.NET. Passing that test, in combination with previous tests I've passed, means I am now an Microsoft Certified Application Developer. 

But then it gets better.  Now that I was an MCAD, I was only two tests away from Microsoft Certified Solution Developer (MCSD).  With a study hall full of training material and practice tests at my disposal, there's no time like the present, right?  About two hours later, I passed 70-316 (Windows Applications with C#).  And I'm scheduled to take 70-300 (Requirements and Architecture) on Friday.

Then I went and schmoozed on the expo floor for a while, before finally retiring back to my hotel.

Personal Heroes of Mine to whom I have Introduced Myself and Shook Hands

• Carl Franklin (Ambushed him at the bar at the Party with Palermo)
• Richard Campbell (Same as with Carl)
• Mark Miller (I actually stood at the DevExpress booth and heard him demo CodeRush for about 20 minutes before he asked me if I was interested, to which I replied, "No, I already use CodeRush.  I'm just a Mark Miller fan."  Which he seemed to think was kind of creepy...)
• Rockford Lhotka (He wandered up to the DevExpress booth when Mark was demoing CodeRush)
• Miguel Castro (He was at the Party with Palermo)

I'm looking forward to meeting/greeting/schmoozing even more than I'm looking forward to the seminars and labs.  Over the past few years I've built an admiration for a lot of bloggers in the .NET community, and I imagine hanging out with them will be as educational as Tech·Ed itself.

Hopefully I'll see you there!

A few years ago, when Xbox Live was first released, I wanted to pick out out a rather unique gamertag that I could also use as my online alias around the web.  As I am a Freemason, I wanted to pick something that was vaguely related to Freemasonry.    Given the legends around the relationship between the Knights Templar and the Freemasons, I thought something Templar-related would be good.  The moniker I chose was Bloody Templar, the etymology being:

• Bloody:  having or covered with or accompanied by blood; "a bloody nose"; "your scarf is all bloody"; "the effects will be violent and probably bloody"; "a bloody fight"
• Templar:  Knight Templar; a knight of a religious military order established in 1118 to protect pilgrims and the Holy Sepulcher

So "Bloody Templar" means a Knight Templar covered in blood.  It's a reference to October 13, 1307, the day when King Phillip IV of France ordered the arrest and torture of the Knights Templar (certainly a "bloody" day, in my book). 

So, there you have it, the origin of my gamertag and online alias, rooted in history, and tied to my interests.  How clever, right?

Unfortunately, what I envisioned as a somewhat cool and pithy gamertag apparently doesn't make sense to a lot of the intellectually challenged gamers that you run into on Xbox Live.  I can't tell you how many times this has happened:

[Bloody Templar enters an online game.]

RandomIdiot420:  What?  Bloody Tampon???

Bloody Templar:  How original.  Did you think that up all on your own?

RandomIdiot420:  Whatever, dude.  Your name is ghey*.

[Bloody Templar mutes RandomIdiot420 and submits negative feedback.]

*sigh*

(*Editor's note:  I use the 1337 word "ghey" because I'm not a big fan of using the word "gay" as an insult.  RandomIdiot420 is not only stupid, he's also a bigot.)

Our information security manager recently asked me and a few other resources via email if we could do something programmatically to prevent phishers from using our corporate logo.  One person suggested using JavaScript and/or CSS to trap right-clicks or obfuscate images behind transparent layers.  Unfortunately, all of the mechanisms he mentioned rely on client-side browsers to enforce our bag of tricks, and the average phisher is probably too smart for that.  Whereas IE is effectively blocked from right-clicking via JavaScript, Firefox easily defeats that trick (Click Tools > Page Info.  Go to the media tab.  Voila!  Save whatever image you want).  Even easier for the Linux-based phisher, as he can just use wget to pull down whatever images he wants.

A lot of banks have implemented two-factor and two-way authentications schemes (one of the earliest being Bank of America).  A little known insider's fact:  That's actually due to a regulatory requirement.  If your bank isn't doing it yet, trust me, they will.  So will implementing these schemes across all these banks actually help solve the phishing problem?  Probably, for a year or two.  Then all of your phishing attacks will rely on man-in-the-middle attacks to get around these two-way and two-factor authentication schemes.  Bruce Schneier predicted it, and it’s already been proven and is likely in the wild.  See:

• http://paranoia.dubfire.net/2007/04/deceit-augmented-man-in-middle-attack.html
• http://blog.washingtonpost.com/securityfix/2006/07/citibank_phish_spoofs_2factor_1.html
• http://www.cr-labs.com/publications/index.html
• http://www.gpayments.com/pdfs/Bank%20of%20America%20-%20A%20Perfect%20Target.pdf

My take:  Schemes like SiteKey (BoA's trademarked implementation based on a software package available from RSA) are useful for the time being, but in the long run, provide little in the way of valuable protection.  Unfortunately, many people view it as a panacea and have created a false sense of security around the whole two-factor and two-way authentication scheme.  Banks should not rely too heavily on implementations of two-factor and two-way authentication to ensure customer security.  Instead, I think banks need to step up customer education across all lines of business.  This includes campaigns to help the customer understand:

• Why you should never click on a link in an email
• What to look for in your browser to ensure a SSL connection directly to your domain
• How to use modern browsers’ built-in anti-phishing tools

Personally, I envision all of the above as being part of a strategy to increase corporate transparency.  There have been a lot of so-called corporate blogging sites launched lately, that help to foster a sense that corporations are listening to their customers and are genuinely interested in making them happy and soliciting their feedback.  Some great examples:

• Microsoft
• Dell
• Google
• Amazon
• Intel
• The World Bank

If you look at these, particularly in the conversations created in the comments, it becomes obvious that this is a great way to educate customers, get customer feedback, and make customers feel more empowered as partners.  Wouldn’t it be great if more corporations had a mechanism for this?

Of course, no one in our marketing department has asked me…  I’m eagerly awaiting their call…

(Reiterated disclaimer:  This ain't Commerce Bank's opinion, this is wholly mine.  See the legalese on the right, please...)