Wednesday, April 12 2006

I've been extremely busy professionally over the past week, so I apologize for the lack of content. The quiet is also admittedly because it's hard to follow up the domain name entries, given the extraordinary level of interest they received.

Apart from ~30,000+ visitors to those entries, per day, continuing for about a week (and still tapering off), I was also phone interviewed on National Public Radio (broadcast throughout the US), quoted in an ezine, translated to other languages, linked by several hundred other sites (including the blogs of several people in this industry who I've admired for many years), and parts of the entry are going to be published in a reputable magazine.

That interest completely shocked me.

I obtained the domain name database for purely functional reasons, and threw up the entry of observations purely because I found a couple of the stats interesting (I love digging into data and finding interesting correlations and insights. I imagine how interesting it would be to delve in some of the large datasets like grocery store databases: Who doesn't look in the cart in line ahead of them, drawing conclusions about the personality and lifestyle of the individual based upon their purchases? Imagine all of the fun observations one could derive from the entire database of purchases).

At most I thought the regulars would find it interesting, and was shocked to see the level of traffic. Apart from all of the wonderful comments I've received, and publicity for my consulting/software development business, the benefit to PageRank has been tremendous, and search engine referrals are through the roof.

In any case, I have several entries almost ready for publication, so content should ramp up again shortly.

Have a fantastic day and week ahead.

   
Monday, April 24 2006

Data security has been on my mind lately, mostly after learning that approximately 700,000 laptops are stolen in the US per year. Add the armies of desktops stolen, the backup tapes lost, and the system compromises that occur, and the situation starts to look pretty grim for data security.

How secure is your data?

If someone stole your desktop, or snatched your laptop from under you at a coffee shop, what confidential information could they gain?

While most thieves lack the capacity or motivation to crack the syskey or circumvent NTFS permissions (which is as easy as booting up with a Knoppix disc: file ACLs only matter if the expected host operating system is in charge), your response should be to assume that they have both, and that they are now reading all of your documents, looking at all of your shortcuts and form entry values, browsing your Outlook notes of account numbers and passwords, and playing with your tax returns.

The real-world cost of such a compromise can be extraordinary. Losing an expensive piece of equipment can be annoying, but it pales compared to the wholesale loss of data privacy.

Do you use EFS (more information here)? Do you have a Data Recovery key with the private key stored offline in a protected location? Do you know what syskey does? Are you aware of the upcoming Secure Startup (which basically is whole volume encryption)?

Are you comfortable enough with your procedures that the physical loss of a computer to theft would be nothing more than a financial expense and setup hassle, with marginal or no data exposure?

   
Friday, May 05 2006

Came across the following video yesterday, and it serves as a mildly humorous worst-case scenario of the "How Secure Is Your Data?" entry from a bit back.

http://media1.break.com/dnet/media/content/stolenlaptop.wmv

As laughably over-the-top as this professor's claims and grandiose threats are, most concerning to me was the obvious lack of confidence he holds in the integrity of data on his computer (a mobile computer no less, of the sort that close to a million per year are stolen in the US alone).

This computer was obviously stolen while unattended, and if even the rudiments of security best practices had been followed -- use of some sort of encrypted file system, be it PGP disk, EFS in Windows, or similar technologies -- he would be able to write it off as a costly and inconvenient loss of some hardware. Instead, his hysterical threats make it out to be a matter of national security, to which every scary government agency will soon swoop down in the black helicopters. The perpetrator(s), we are told, must prove that the data hasn't been tampered with, and that it hasn't been copied (how, pray tell, does one prove that? It's the sort of negative proof that's rather difficult to contrive), and maybe then they won't be sent off to secret Eastern European prisons. Okay, I made that last bit up, but it's along the lines of the hyperbole.

From a professional perspective, I find the diatribe by this professor very self-incriminating, hinting at terrible neglect in the management of data (purportedly other people's data as well, which should rightly make those third parties very angry). While it is almost certainly a ruse to scare a reluctant thief into confessing, it's akin to claiming that the guy who stole your car is in big trouble, because you just happen to store nuclear warheads in the trunk -- I'd have more of a problem with the guy with nukes in his trunk than with a petty thief.

Protect your data. Acting surprised when hardware loss occurs isn't acceptable, and is tantamount to gross neglect.

[Miles Archer has rightly pointed out in the comments that this video is a couple of years old. Nonetheless, we've had powerful encryption options for a long, long time. A decade ago I got the senior management, accounting and HR departments of a firm using PGPDisk for confidential data, separating the administration of systems (e.g. system ACLs) from the need and ability to access the data. It worked beautifully. Since then we've had numerous new, and more transparent, options for securing our data]

   
Monday, May 22 2006

Some recent software installation trials and tribulations (Microsoft's Team Foundation Server, for those who wonder) have encouraged me to restate the observations of a prior entry, Adoption = (Functionality - Cost) ^ Ease of Use.

Oakville 5 Drive-In

In that outing, I observed that the adoption (or avoidance) of a product is often correlated with the ease of taking the first step, along with the continued ease of using the product. While I focused on the usability and adoption of PVRs relative to VCRs, this premise holds true in the software field as well: Even among enterprise level applications -- huge, complex solutions that drive the engine of corporations -- the initial impression, or beginning evangelism, is often driven by the ability of some random tech guy to get the product installed and delivering some sort of value. All of the specialization, customization, and advanced uses will come later.

This can be demonstrated by analyzing the historic success of many Microsoft products. Compared to the Oracle of old, for instance, SQL Server was brainless to get running, and often found its way into many shops via MSDN subscriptions. Soon enough that MS Access developer was targeting SQL Server, tying themselves and their solutions to the product, in time taking advantage of all of its advanced functionality. The complexity of the product was "time-released". Microsoft Visual SourceSafe is widely considered an also-ran source control system, with a litany of missing functionality and known defects, yet it's the source control product in use by a huge number of software development shops -- given how trivial it is to get going (versus many of the competitors that often demanded a sea of dependencies and configuration steps), many groups adopted it as a de facto source control product.

From hosting that first micro-project, it took hold until it was the foundation of the most complex of solutions.

The examples go on. Of course people would point to Linux as a counter-point, and to a small degree it is, but even among the Linux camp the real adoption began when companies like Red Hat made installation a simple "hit enter to all of the prompts" affair. Linux took off, while the more difficult to configure FreeBSD floundered.

Products took root, and then sprouted, because the first step was easy. This happens while much more capable solutions, with longer feature lists and a promise of a more rewarding long term, sit unloved and unused.

All of this had me wondering what part virtual machines could play in this equation. Virtual machine technology -- where multiple logical machines are virtually hosted on one physical computing box -- is a wonderful (and improving) technology that I still consider somewhat akin to magic. With virtual machine technology, whole platforms, including all required libraries, applications and configurations, can be delivered as an already running box, perhaps requiring nothing more than an IP address and some very rudimentary configuration. From source-control products, to wikis, to web application servers, virtual machine technology could allow for hugely complex solutions to be delivered in a "ready-to-run" form.

Of course there are downsides to this approach. For instance it sort of eliminates reuse of common components (even requiring a separate OS instance for each virtual machine), yet common components are often the most fragile, perilous element of many applications. It isn't entirely a loss. Also there are licensing issues, such as the fact that you can't simply bundle a copy of Windows Server 2003 R2 with your virtual machine.

It's more a solution that works in the open source world, where you can release virtual machines configured with Linux, Apache, PostgreSQL, PHP, and so on, all along with your custom, ready-to-rock solution.

Unrelated Note: The mood pictures were taken at the Oakville 5 drive-in this weekend, which is one of the few movie experiences we get with two very young children. One usability note that I always observe at the drive-in is how many drivers don't know how to turn their daytime running lights off (here in Canada all vehicles have low intensity lights on whenever the vehicle is running -- even during the daytime -- which has been demonstrated to reduce accident rates). For those who don't know, on most makes of cars you can turn off the daytime running lights by engaging the parking brake before you turn on the vehicle. This isn't universal -- for instance I know some Ford models where it doesn't work -- but I've used it successfully in a number of makes and models. This allows paranoid-about-their-battery drivers to start their vehicles at the drive-in without inciting a riot.

   
Tuesday, May 23 2006

I've harped on the idea of securing your data several times over the past month. Not only is it a theoretical risk, but the data vulnerability hits seem to keep on coming. This time it was an employee that had a production database, containing the identity-theft vulnerable data for tens of millions of Americans. Apart from the fact that production, critical data was on a roaming PC, it seems likely by the response that the data isn't encrypted or protected in any meaningful way.

It's sad given that this is hardly the first time this has happened, and it'll inevitably keep on happening.

   
Tuesday, May 23 2006

For close to two months now, I've been rather negligent of this blog. The reasons are numerous, however the following is a list of the primary causes.

  • My wife is back to work as a laboratory scientist, now that maternity leave is complete, so "free time" (if such a thing exists with two small children) is getting squeezed entirely out, and...
  • ...Professionally I've been extraordinarily busy, pursuing some new business avenues and opportunities, making it very difficult to allocate time to finishing articles-in-progress. 

    A partial motivation in maintaining a blog/original content system at the outset was to get some "cheap" (if the time dedicated to creating content was valueless) PR to drum up some consulting/software development customers, however that necessity has largely disappeared (and it was only intended as a fail-safe anyways. I never had to actively look for clients, instead relying upon business contacts and word of mouth. I've actually had to turn away most blog sourced business due to a lack of capacity). Furthermore, as a PR vehicle for 360notes.com, I think the product itself will earn far more attention than any pimping in these entries ever would.
  • Lastly, but certainly not least, the incredible success of the DNS entries makes everything else almost seem anticlimactic.

    I remember when I first started posting online papers, getting giddy to see that a half a dozen people read them in a week (and I carefully did reverse-IPs to see where they came from, following every referral back to the source), which I knew by downloading and looking at the logs every 15 minutes. As time went on, however, and readership increased, the "dose" required to have any motivational effect inflated, such that having several thousand distinct viewers (e.g. 10,000+ "hits", however nebulous that metric is) in a given day starts to almost seem like a failure (I see newspaper articles gushing about whatever human interest blog of the day caught their eye, and it makes me cynical seeing that they only have 600,000 visitors in a month. "That's only 20,000 visitors a day!"). It's strangely discouraging to think that new efforts will yield only a small portion of the attention the disposable DNS entries did.

    I'm completely over the "hit craving" stage that most bloggers/original content producers go through, and almost entirely disregard the stats. From this perspective, and hoping that I can find a small amount of available time, I'm going to finish up some long-in-the-making articles, along with some other content that I've been wanting to explore. Through it all I promise to disregard the stats.

Thanks for reading along, and have a fantastic day and week ahead!

Dennis

   
Saturday, May 27 2006

Some educational shows for development shops and development managers can be found, surprisingly, on the Food Network (US, Canada, not to mention that many are played on, and often originate from, various other "lifestyle" type channels).

Some of these shows are homegrown, such as Restaurant Makeover and Opening Soon, while others are imports, like the excellent Ramsay's Kitchen Nightmares, Jamie Oliver's School Dinners, and Jamie's Great Escape.

You've probably gained the impression that I'm an epicurean, interested in the operations of the restaurants, and probably dreaming of the day when I can open my own ("We'll make the best French onion soup ever!"). While I do like well-prepared menu delights, the food is the least interesting part of these shows, in my opinion. And I have zero interest in opening a restaurant (the dream-crushed rate among restaurateurs has to rank among the worst for passion pursuits), and like small-talk as much as I like getting a tax bill.

Instead, the real message of these shows boils down to -

  • Passion - When you don't have passion, it's hard to enjoy yourself, much less produce a good product. Whether it's a cook that's using mix to make soup (a "copy/paste" chef), or a software developer judiciously copy-pasting, doing the minimum possible to stay employed, dreaming of whatever comes after the work day ends.
  • Communications - Open, honest communications is critical in a team, keeping everyone on the same page, letting everyone contribute to the success.
  • Simplicity - a bad core product isn't made better by embellishments and complexity. The more focused a product is, the more likely it will be of quality.
  • Realism - the end result of realism is usually simplicity, and it's a realization of what your strengths and domain really are, allowing you to narrow your focus. Trying to cater to all guests, or in the case of software to build solutions that handle any problem, is bound to lead to a third-rate solution (or meal) for a wide audience, but a first-rate solution for no one.

Situations analogous to the software development process endlessly play out between chefs and their staff (team managers/leads and their team members), the chef and the front-room staff (team managers/leads and business partners), and the restaurant and customers (the organization and end users). Many times the solutions parallel how the similar situation would be solved in the software development field.

If you relax to television on occasion, and mourn the summertime (speaking to the Northern hemisphere in that statement) dearth of original programming, check out some of these shows for an informative eye-opener.

We're the chefs and menu planners and sous chefs and pastry chefs of the digital world.

   


About the Author
Dennis Forbes is a Toronto-based software architect. While focused primarily on the .NET and SQL Server worlds, Dennis frequently ventures outside of this comfort zone into game development and image processing. He has been published in several industry magazines, has been quoted in the Wall Street Journal and has been interviewed by NPR.

He is a vice president and lead software architect at an innovative New York City hedge fund back-office services firm.

Dennis has been working on solutions for the financial, telecommunications, and power generation markets for over 15 years.





 