Thursday, November 17 2005
Carving at Lowville Park

I've been running as a non-privileged user (e.g. not an administrator account) for a while now, reducing the security risks of day-to-day computing. This was spurred on by the rising prevalence of root-kits, which are even being unleashed on an unknowing public by respected corporations.

While this is simply a well-known good practice, it is remarkable how many ridiculous little irritants one runs into trying to do this: even widely used applications like Winamp fail to run as a non-admin without security tweaks, and of course you can't even open the system tray calendar without customizing your user rights. Thus far I've been very impressed by the behaviour of Visual Studio 2005 and friends, which seem to do a great job of living within the constrained permissions. I have to su every now and then to do some administrative tasks, but the threat window is vastly reduced.

Of course we all know that this is simply a good practice (and I would have done it far earlier if not for some demanding development tools), just as a number of other standard but sadly ignored security precautions should be the norm. On this theme, earlier today I was wondering if there was a "Computer Security Day" - A day when people could be gently reminded to take computer security initiatives (such as not running as administrator) to make the computing world better for everyone: While it might seem like it's only for individual gain, we all gain when there aren't millions of zombie computers at the bidding of hackers and spammers.

Turns out that there already is such a day. It's actually coming up in just a couple of weeks, as it occurs every November 30th. Which brings me to my real comment - scheduling such a largely business-related event to occur on a specific calendar day is ridiculous, and of course almost 30% of the time that's going to fall on a weekend. It seems only logical that it should have been the 3rd Tuesday of November, or whatever.

   
Thursday, November 17 2005

I needed to post a support question to Electronic Arts support today (long story), and like many sites they force you to create an account.

Fine. So first things first I have to create a user account, and it's asking for a username.

dforbes...sorry that account name is already taken
dwforbes...sorry that account name is already taken
dennisforbes...sorry that account name is already taken
denniswforbes...sorry that account name is already taken
dennis.forbes...ILLEGAL CHARACTERS!
dennis_forbes...ILLEGAL CHARACTERS!
forbesdennis...sorry that account name is already taken
RRR...sorry that account name is already taken
blah...sorry that account name is already taken
blah999...sorry that account name is already taken
RRRRRRR999...taken

I'm not kidding. It was actually proposing ridiculous available alternatives for each, so I didn't have to keep trying, but at this point I was just punching in random strings to see how huge and polluted their database really is. It's big, and it's polluted.

These sorts of user accounts irritate me because I already have a globally unique account - my email address. No one else, in the whole wide world, has the same email address as I do. Furthermore I don't have to remember whatever oddball account you've forced me to take through arbitrary and site-unique username restrictions: Just use an email address and you can allow whatever is allowed in the RFC (it's all documented there for you), and when I get there I'll know what my username is. Why it's my email address! You're forcing me to enter it elsewhere to validate the account anyways, so you might as well go all the way with it.

   
Thursday, November 17 2005

I wrote about Riya previously, expressing a bit of skepticism about the technology. I should temper that by saying that I've never used it, and the most I've heard about it are some cursory micro-reviews, but my skepticism is based on the history of facial- and scene-recognition technology, and the barriers this product has supposedly overcome: Facial recognition, like character and voice recognition, has to be accurate enough that it is more beneficial than detrimental (e.g. nuisance false positives, and detrimental false negatives), and historically the latter is far more prevalent. Sure we'll get there, but it's just surprising that a company could go from the primitive stage that we're at today to such an advanced stage, all in just one step.

Anyways, today I happened to look at my to see that there has been an explosion of Riya postings - Google, or so the story goes, has put a $40 or $60 million dollar offer to buy Riya. If you follow the blogs around you'll discover the big circular authority that is prevalent in these sorts of "blog scoops", with A attributing his source to B, but B hilariously points to A as the authority. Remarkable stuff. Like the technology itself, it could very well be true...but I certainly would take it with a mountain-sized grain of salt.

Indeed, if Riya is as capable as we've been told, I'd say that $60 million would be grossly undervaluing the IP - This would make a photo service stand head, shoulders, and torso above its competition, and I'd be looking for a number more like $400-$500 million. Seriously.

   
Thursday, November 17 2005

I had an interesting conversation today in relation to caffeine, and techniques to eliminate it from one's diet. I offered up my opinion, which was that the elimination of caffeine should be done gradually - this is true for most lifestyle changes - to minimize the negatives (e.g. headaches) and to maximize the probability that it will be sustainable. For instance in my case I cut caffeine by alternating "real" with swiss-water decaf in increasing ratios, even mixing up the blends, and by mandating a full cup of water between cups of coffee. It worked wonderfully, and in a short while I was off the dastardly white stuff.

What was more interesting than the coffee conversation, though, were the replies that came regarding my brief background story where I explained why I cut caffeine: I had mentioned that I was preparing for a trip to Italy for two weeks, and hearing about the extremely strong coffee there, and the general lack of availability compared to here, I wanted to avoid both stomach upset and spending half the trip searching for outlets of Anthony Hortinos. So I decided to eliminate coffee before leaving. It worked perfectly. Naturally this outraged some people: "But isn't coffee in Italy the best coffee in the world?"

Ignoring the entirely practical reasons why I didn't want to do coffee in Italy (and anyone who claims that convenience coffee is as widely available in Italy has never been here in Southern Ontario), the absolutism about such a subjective point is what strikes me as ridiculous: While sometimes a region has constituent accessibility that gives them an advantage or specialty (e.g. seafood is generally better on the East Coast where it's fresh from the ocean...unless it was on a long run trawler that is), often it is subjective regional preferences that people confuse with superiority or inferiority.

For instance a common mantra here in Canada is that our beer is "better" than in the US, because there the general American consumer prefers a lighter blend than Canadians do. We get misled into thinking that we have some sort of material advantage in beer making, confusing subjective choices with absolute measures. And of course the Brits think their beer is "better" still, because they prefer a thicker beer. It's all so inane.

   
Wednesday, November 16 2005

The Canadian Launch Tour 2005 presentations and other material can be found online now at http://www.microsoft.com/canada/launch2005/event_presentations/default.aspx#ps. Well worth a look. I posted about this event on November 8th.


 .NET  SQL 
   
Wednesday, November 16 2005

I've come across comments about SQL Server "leaking memory" countless times during discussion group spelunking, seeing one yet again this morning. Generally it goes something like "after 5 days, SQL Server is consuming almost all of the server's memory, so we have scheduled a weekly reboot to deal with it. Man, I wish Microsoft knew how to write software!" (you could replace "SQL Server" with "Exchange").

While it is entirely possible that SQL Server does leak memory in some edge scenarios, what most people are seeing is nothing of the sort, and they are actually reducing their system's performance by continually recycling it. This is because SQL Server is a memory caching system: as it reads pages in, it will attempt to cache data in memory to satisfy future reads, using more and more of the available memory as a data cache unless explicitly given a limit. It's for this reason that a 4GB server is generally faster than a 512MB server for large databases: more of the database fits in memory, reducing the I/O requirements for reads (obviously, writes are immediately persisted). SQL Server only grabs the memory on a need basis: when someone does a table scan of some occasionally touched table, it might request a memory cache for it, making SQL Server's memory footprint larger. If you monitor it over time it'll look like it's endlessly edging up, when in reality it'll release memory if something else starts asking for it, or as it approaches memory exhaustion.

In most situations this is ideal - or did you buy all of those memory sticks to sit unused? The only time that it really is a problem is on shared servers where SQL Server has to play nicely with other "use all of the memory" applications (like Exchange, or in some cases even the garbage collection model of .NET). In this case you might want to restrict both servers to a maximum amount of memory, or let them thrash it out.
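An added example, not part of the original post: T-SQL that shows how much of the data cache each database currently holds, then caps the instance's memory as suggested above for shared servers. The 2048 MB limit is an assumed figure for illustration only.

```sql
-- How much of the buffer pool (the data cache) each database holds right now.
-- Every cached page is 8 KB. Requires VIEW SERVER STATE permission.
SELECT
    CASE database_id
        WHEN 32767 THEN 'ResourceDb'          -- hidden system resource database
        ELSE DB_NAME(database_id)
    END AS database_name,
    COUNT(*) * 8 / 1024 AS cached_mb
FROM sys.dm_os_buffer_descriptors
GROUP BY database_id
ORDER BY cached_mb DESC;

-- Current memory limits. 'max server memory (MB)' defaults to 2147483647,
-- which means "no limit": the cache grows until the OS signals memory pressure.
SELECT name, value_in_use
FROM sys.configurations
WHERE name IN ('min server memory (MB)', 'max server memory (MB)');

-- Cap the instance so the other memory-hungry service on a shared server
-- keeps its share. 2048 is an assumed value; size it for the actual host.
EXEC sp_configure 'show advanced options', 1;
RECONFIGURE;
EXEC sp_configure 'max server memory (MB)', 2048;
RECONFIGURE;
```

Running the first query a few days apart shows the growth is cached data pages rather than a leak, which is the distinction the weekly-reboot approach misses.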

 SQL 
   
Wednesday, November 16 2005

One of the overlooked, but incredibly usable, benefits of SQL Server 2005's Management Studio over Query Analyzer is projects and solutions.

Not only is it great to be able to gather common scripts together into "projects" (e.g. "Server Maintenance"), and projects into solutions (e.g. "Insurance Administration Database"), but even better is the tight integration of source control into Management Studio - now you can actually have properly source controlled script repositories, even including common connections, with automatic change management. This will be an administrative and workflow panacea for a lot of teams, and will greatly improve script re-use.

Very nice.

 SQL 
   


About the Author
Dennis Forbes is a Toronto-based software architect. While focused primarily on the .NET and SQL Server worlds, Dennis frequently ventures outside of this comfort zone into game development and image processing. He has been published in several industry magazines, has been quoted in the Wall Street Journal and has been interviewed by NPR.

He is a vice president and lead software architect at an innovative New York City hedge fund back-office services firm.

Dennis has been working on solutions for the financial, telecommunications, and power generation markets for over 15 years.





 