Agile Musing

I was at a LOMA meeting for work last week and was talking to a couple of other attendees about their Agile practices.

loma

It reminded me of some early thinking I was doing back in the 90′s.  I was always drawn to doing things in what people now call an Agile way; but the first time I heard someone actually put words to what I was thinking was a presentation Jim McCarthy did at the 1995 Microsoft Global Summit in San Diego (I think).  I used to have the video on tape but it seems to be long lost at this point.  I found a couple YouTube excerpts but not the who thing.  He went on to write his book Dynamics of Software Development which elaborated on his 21 rules (I think the book has 40 something).  I remember liking his style…oh yeah…and the content was good too. :-)

The Pragmatic Programmer is another book that put more meat on the bones of things that I was thinking or struggling with.  I consider this a timeless book unlike the Peter Norton’s Programming Guide to PC book (the pink shirt book) I recently came across in my archive.Norton

As I reminisce I am reminded about the Agile Manifesto which at first made me laugh but after that tickling feeling passed I took the simplicity and truth of it to heart.  I attached the image I keep on my desk here for posterity.

agile-manifesto1

Not sure what the next Agile is going to be.  I do feel like there is something still missing that  I can’t quite put my finger on.  Hmmm.

IIS 7.5 and 2 Level Auth

We use a large vendor application at work.  We host all the infrastructure for the application inside the firewall, so there is absolutely no access from the Internet.

In IIS6 we configured 2 level authentication – NTLM and Forms Auth.  The vendor requires Forms Auth for the application.  Given the importance of this application and sensitive nature of the data; I also enabled NTLM and secured the site to only people in our division (about 450 people).  There are about 150 logins in the application meaning that 300 people have access to the site; even though they will not be able to actually see any screens until they login.

Through a series of discussions with different audiences; it was decided that there is still enough of a risk of those 300 people being infected with something that takes advantage of cross site scripting or other classic vulnerabilities.  So I further locked down the site using a more restrictive group.  While I feel like we are being a little paranoid about, I capitulated.

Enter IIS7…

images

Our standard for servers is Windows 2008r2 so we are on IIS7.5.  Doing this same 2 level authentication on IIS7.5 did not work.  Why?  Well because of the integrated pipeline…it simply cannot not do both at the “same time”.  One has to come first.  In IIS 6 NTLM always came first since that was done my IIS and then Forms Auth since that was done by ASP.NET.

There are a couple of hacks out there that describe how to work around this.  One of which I found posted here by Mike Volodarsky (formally of the IIS team).  Here he talks about a way to make this work by splitting up the authentication and forcing one to happen before the other.  I was up until well after midnight last night trying to consider how I would make this work given that the application is a vendor application and I don’t have the source code.  Not to mention that everything is precompiled, signed and obsuficated.  All of which add up to…this would be really hard to hack.

Finally, after a bit of chin rubbing…I came to the conclusion that the integrated pipeline may not be the problem at all.  Why do I even still need NTLM?  I mean if the only way for someone to access a web page on the site is to have a valid Forms Auth token then do I really need to force them to also have an NTLM token?  I went to bed content that I just need to leave NTLM behind in this case.

Now I just need to convince everyone that was pushing the original requirement for 2 level authentication that I don’t need it anymore.  Being that they don’t really understand the technology very well – that could be a challenge.  Since the way we got here was through a vulnerability scan of the web site in the first place – perhaps requesting another one will demonstrate my point and I won’t have to make them understand the why.

I will post an update on the outcome.

WordPress and Word

Microsoft Word has a feature to use Word to compose and publish a blog entry. I have used this periodically and have had mixed feelings about it. Now that I am hosting my own blog using WordPress I wanted to test this feature out again. How does it work with formatting different things and how well does the overall look and feel match the rest of the blog?

Here is some code…

static bool RenameFile(FileInfo fi, string newFullFilename)
{
   try
   {
        fi.MoveTo(newFullFilename);
        Console.WriteLine(“New={0}”, newFullFilename);
   }
   catch (Exception ex)
   {
       Console.WriteLine(“Error {0} renaming {1}”, ex.Message, newFullFilename);
        return false;
}
   return true;
}

 

Here is a picture…

I notice that it does not do multi column or other more advanced formatting normally available in Word. Maybe I will give this a shot since it does give you the robust spelling/grammar checking of Word.

PS.  I had to go into this post from the WordPress editor and clean up the code section.  The different way of single spacing something using <p> vs <br> is the issue.  Every line of code is a <p> when in fact I want it to end with <br>.  Oh well.  Not as good as I hoped.

I took the code above and plugged it into the code formatter I previously blogged about here.  It looks like the following, which in preview mode looks pretty good.

 static bool RenameFile(FileInfo fi, string newFullFilename)  
 {  
   try  
   {  
      fi.MoveTo(newFullFilename);  
      Console.WriteLine(“New={0}”, newFullFilename);  
   }  
   catch (Exception ex)  
   {  
     Console.WriteLine(“Error {0} renaming {1}”, ex.Message, newFullFilename);  
     return false;  
   }  
   return true;  
 }  

 

Is Google the New Microsoft?

I just got an email from Google on a new “feature” that is integrated into the gmail client; called Buzz. At first glance this looks and feels a lot like Facebook. So it got me thinking…

Is Google starting to feel like the next Microsoft? Is this path something Google is consciously trying to do or is it just a path that is inevitable?

First, a full disclosure. [I like both these company's technologies. I used to work for Microsoft and I still have a Microsoft technology bias (but I do own a MacBook). And my primary email account is my Google account and I own an Android phone. Phew, so now that I got that off my chest here is what I mean.]

There are at least four ways I have seen recently that made me want to write this blog entry…

  1. Leapfrog Innovation
  2. Purchase Innovation.
  3. ABG (anything but Google).
  4. All these lead to one thing…can you say Antitrust.

Leapfrog Innovation. I consider taking a good idea and making better – innovation. I am all for companies that can make something better than their competition; whether they came up with original idea is just an excuse the losers use. Of course if you use your size and power as a way of strong arming your friends and enemies – that’s a whole other story. Certainly Microsoft had some questionable practices back in the day. My whole take on that was stop the “packaging” and just make your software kick ass.

Purchase Innovation. This is a perfectly legitimate way of larger companies using their size and power (aka capital) to buy an innovator or a market leader. One of the companies I started had as a hidden part of the business plan to get bought out. I used to talk to a number of other people who were doing similar things who would admit the same goal to me. Google is just the new guy with all the money.

ABG. This reminds me of the Anything But Microsoft movement 10 years (maybe more now). I think this just comes down to people not liking really big companies; probably because they don’t trust them as much or just don’t identify with them. In both cases of these company’s respective histories they have been underdogs and people heralded their greatness. Then at some inflection point all that changes. There is probably more written on this than I care to read.

Antitrust. Obama’s antitrust czar and the EU are looking into this. Watch out. It was the combination of the Internet bubble and the antitrust rulings against Microsoft that caused the stock to tumble where it has been for the past 8 years (or so). As fortune would have it that is also right around the time that I looked like a financial genius and cashed in my options. The truth is that I had to cash them in and resemblance of genius was actually pure coincidence.

Outlook Rules

After reading the title to this entry I had to laugh. So am I stating an opinion on how I feel about Outlook (it rules!) or something else? When it the electrons from my brain told my finger tips to type this title I was definitely thinking something else. Hey man – words do mean something.

So after reading Hanselman’s blog entry (http://www.hanselman.com/blog/TheThreeMostImportantOutlookRulesForProcessingMail.aspx) over the Holiday about processing Outlook rules; I was inspired to revisit my own set of rules. When I was working at Microsoft (as Scott now does) I was totally overwhelmed with the amount of internal information flowing around the company; and at the time most of it was through email distribution lists. Between the stuff directed at me as part of my job (Microsoft Consulting) and the internal chatter; I was getting hundreds of emails a day. Without a good set of rules it would have been impossible to get through everything in my inbox.

That practice has stayed with me ever since and has served me well over the years. Two things have happened recently that I wanted to write about with regard to Outlook.

First I wanted to record this (http://office.microsoft.com/en-us/outlook/HA103869131033.aspx?pid=CH102499821033) article called “Outlook Meeting Requests: Essential Do’s and Don’ts”. As a long time Outlook user; I already do many of the things in this article. But there were some other nuggets in there that I found useful; especially around using rules on meeting requests. One thing I have been looking all over for and found on this page was how to turn off the acknowledgement to a meeting invite. There are a few meetings that I invite 20+ people to and I don’t need to know who has accepted and who has not. I had a rule just to catch all of these responses and move them off to a folder.

Secondly, I wanted to mention that about 4 months ago I became a Crackberry user for my work email. There were many things happening at work that I just needed to stay apprised of during the time I was not logged in. Well this changed the way that I wrote many of my rules. Suddenly I was not just filtering things so that my Inbox was less cluttered (and relatively prioritized). Now I needed more because the Blackberry (Bb) is synchronizing with my Inbox and my hip was buzzing for every email.

Side note – I cannot tell you how annoying it is that the Bb buzzes about 7 seconds before an email arrives in my Inbox. As if the little bubble pop-up isn’t enough of a distraction!!

So now I have two Inboxes. I have a series of rules that move everything EXCEPT the “hey a server is down” type of emails to my secondary inbox. The trick is to do this given the fact that the Bb service (on the Exchange server) sees only the emails that fall off of the server side rules waterfall. So I have been using the “Move” and “Stop Processing More Rules” combination much more. There are also some rules that are order dependent; which I am not happy with.

But the whole thing works relatively well now. It’s funny how refactoring my rules for the Bb may have actually made them better. Kind of like my code/designs; sometimes it’s not until a new requirement comes along that I realize a better way. As Hannibal Smith used to say (The A-Team) – “I love it when a plan comes together”.

What I would really love is for the Blackberry guys to give me a way to interact with the Exchange service running on the server. Let me write some rules separately, just for the device. I would not be at all surprised if such a thing exists and we are just not “with it” enough to have deployed it. It’s probably for the same reason that we deploy WindowsXP with the old Start Menu configuration (no MRU etc). Because someone felt that it would be just too hard and confusing to the users to change anything. Now that we have rolled out Office 2007 I better not hear that excuse ever again!!

TechEd: Something new, Something old

I am in Orlando, FL at TechEd. I have not attended that many TechEd conferences in my career; I was mostly a PDC bigot. I think this is my third or forth TechEd conference. There is another guy from my division here who is all of about 25 years old and I can’t help but notice the difference in how we approach the conference. The first thing of note is where each of us is at this moment – about 10pm on Monday night.

I am in my hotel room typing this entry and getting ready for bed. He is out partaking of the different events being sponsored by Microsoft and/or the different vendors here at the conference. I think I heard that there are things going until 1am tonight. There was a time when I would be out until the wee hours, stumble back into my hotel room for a couple hours of sleep and a shower and make the first session of the morning. On more than one occasion I was still a little (OK allot) intoxicated in that first session I have this image that my colleague is doing just that – but I don’t want to incriminate him .

Ahhh, youth.

I tend to go to sessions that fall into one of two categories; either ones on topics that I know very little about or where I want network with the presenter and/or other attendees. My expectation is that any detail I see here I will have forgotten by the time I leave. So I am just trying to get the gist of something. My colleague, on the other hand, seems to be focusing on WPF in hopes that he learns enough to start using it when he returns to the office. Part of the rationale I think is that I have to bring big concepts together and understand paradigm changes; whereas he needs to just bang out code.

Lastly, the food. I just can’t eat that conference food anymore. I am convinced that it’s the reason I ended up sleeping through a couple post lunch presentations. I realize that may be hard to believe after reading that I was still blitzed at breakfast. I have experimented enough with the permutations of this enough to know that the food was certainly the nail in the coffin. I think at 25 I could eat just about anything. Now 15 years later, it’s another story altogether. I think there should be a special dietary line for guys like me – I don’t know what to call it but I know what it would look like. Hey I know what you’re thinking – not it’s not a can of Ensure. It is much lighter; less pasta and meat more vegi’s and sustaining foods; you get the picture.

Anyway, times have certainly changed – at least for me. Maybe I can find the retirement room.