Trip to Ottawa and Requirements Traceability

I just got back from Ottawa, where last night I was speaking to the Ottawa .NET community about Visual Studio Tools for Office. (more on that later).

I wasn't surprised by the Grep Cup weekend inflated hotel rates, but I was surprised to find a “2.8% DMF Fee” on my hotel bill (on top of the 15% worth of federal and provincial taxes). Upon request, I was informed that this was a “Destination Marketing Fee” which goes to fund marketing efforts to promote tourism in the area. Various Ontario tourism centers (including Hamilton - go figure?) have been lobbying the provincial governments since post 9/11 in an effort for them to allow a tax (a real tax, not a fee) for the same purpose. This past summer however, the hotels decided that this was going nowhere so they decided to start collecting (on a voluntary basis) a fee (not a real tax).

Maybe it's just me, but I'm thinking the best way to attract people to your city is not to put a sneaky “DMF Fee” charge on those same people's hotel bill when they come to visit you and hope they don't ask about it. Even worst, because it's a fee charged by the hotel, and not a real tax - guess what - you pay tax on the DMF Fee. Icarumba! It turns out it's voluntary fee and not hotels collect it. The front desk staff sensed I was not pleased about being asked to pay for marketing fees on top of my room rate so they quickly waived the fee. But I wonder how many people willing pay this?

This all reminds me very much about requirements management and software development. Often, people, usually too close to the problem, design features into software that doesn't meet the requirements of the user. Take for example those goofy glyphs on the Lotus Notes login window. What about clippy? Is that satisfying anybody's requirements - or is it just pissing you off? With all of our best intentions, it is extremely important that we take the time to perform reality checks on what we are building against the requirements of our users.

Now to bring it all home. Do users really want to do their work in a web browser? Browsers are great for wandering and finding stuff, but do they want to see the value of their stock portfolio in a browser? You need to find the best environment for the job your users are trying to accomplish. If somebody is accustomed to using Excel to aggregate a bunch of their financial information, then maybe Visual Studio Tools for Office is the right tool for that job. While writing applications in Excel isn't exactly new, with VSTO you have the integration with the .NET Framework, Web Services, and the smart client deployment model, you can apply all professional development skills you have at your disposal to creating applications with Word & Excel. And don't worry, I have yet to see clippy show up in Visual Studio Office projects.


An Update on Whidbey/Yukon Release Dates

In case you missed it, in this article key microsoft executives are quoted as saying that Whidbey and Yukon are still slated to ship together but that won't be by end of June as earlier stated. They are now estimating that “summer” is a better statement of expected arrival. This may align itself nicely with the PDC 2005 September date. It sounds like both teams blame each other, but really, a lesson can be learned here for all of us: Cross product integration means longer delivery cycles. This is going to be a tough nut for our industry to crack moving forward, not just Microsoft. Is that what SOA promises?

Visual Studio Team System and XBox/Halo 2

What does project management, test management, defect tracking, build servers, methodology, automated testing, code coverage, and software diagramming have to do with Halo 2? I'm not sure really, but if you want both - then you need to come to the Toronto Visual Basic User Group meeting tomorrow night. I'll be doing a “powerpoint free” drive through of Visual Studio Team System AND raffling off an xbox console and a copy of Halo 2, worth about $270.  More details here:

Get lost, have fun.

Ok this is too cool. Bell Mobility has this Location Service called MyFinder. Using Cellular triangulation they can figure out pretty close to where you are. It costs 25cents to locate yourself on any Bell Mobility Cell phone with a browser (plus air time ). You can do things like find the nearest gas station to where you are right now (or ATM, restaurant, etc.) and then using Map Point will give you driving/walking directions. I tried out this service in Waterloo and it found me within a block of where I actually was. Bell says within 150m. In my example that would be pretty close. So your mileage might vary (no pun intended).

If you are lucky enough to have Sanyo 8100 or an Audiovox 8450/8455 you can also use MapMe service which will download a map to your device and your location plotted on it - along with nearby places. This appears from the screenshot to be something along the lines of a Pocket Streets derivative. It costs $5 (one time) for the software, and again 25 cents to be located per use plus air time (unless you have the Mobile Browser Bundle).

Bell Mobility also has a few multiplayer games that you play against people nearby. Less cool. Get a life.

Perhaps the most (potentially) practical is a #TAXI phone number that connects you with the first available taxi based on your location. It uses many cab companies. It sounds like they might find you a taxi parked around the corner but I don't think it quite works that way. It found my city and routed me to the phone number of the nearest taxi company. It also sent me a text message with their direct phone number. A $1.25 a call? The taxi company should pay for that - no?

You can develop applications using this service too. If you are lucky to live in Canada and be a Bell Mobility Subscriber - then you are in luck (as I am) since Bell is now providing realtime MS MapPoint Location Service. It almost makes up for being on a CDMA network and having that limited phone selection problem.

Microsoft MapPoint Location Server is a new component of Microsoft MapPoint Web Service. You will install this component (along with SQL Server) in your enterprise and using the MapPoint Web Service and location data from your provider you can get an inventory of all the people in your company and their locations. For doing dispatch type of applications, 150 meters is probably close enough. General Information on both here (

MSDN Universal, Enterprise, and Professional subscribers are eligible for a free subscription to MapPoint Web Service (a requirement of using MLS)(

Bell Mobility Developers Web site for location based services (



Oshawa .NET: Building Mobile Applications

I'm doing a talk at the East of GTA .NET users group tonight in Oshawa. This is the same MSDN User Group tour event sweeping across Canada. I'll be talking about some of the limitations of the Compact Framework and SqlCE. Should be fun - hope to see you there.

Registration Links and slides (afterwards) can be found here.

Penguins are sneaking into my house and leaving the doors unlocked.

In the past 3 weeks I have purchase, installed and used 2 Linux systems in my house....accidentally. First, I purchased a Roku High Definition Photo Viewer and MP3 video player for my TV. This is a nice little device that acts as a screen saver for your TV/Plasma Screen to avoid burn in....say of the DVD logo that you see from your DVD player when there is no disc inserted. The device sits between the TV and the rest of your home theatre video inputs - daisy chain style. It monitors the video traffic for no signal or no motion and after a time duration kicks in with your family photos. The photos can be retrieved over the network jack to a series of shares on your home network, or via a plugged in USB wireless adapter. It also has Compact Flash, SD/MMC, SmartMedia and memory stick slots. Not to mention of course I find out its running Linux. There was a bit of novelty involved in telnetting into my TV and using VI. That soon wore off when I discovered that the root password was blank, and that the change password binary was missing off install of Linux so I couldn't even change the password. Combine this with the fact that the setup wizard walks you through finding the network shares in your house and storing your userid/password credentials - this becomes a rather obvious security hole that could have been fixed by the manufacturers fairly easily.

Is this security attitude prevalent in the Linux world? I hope not, because yesterday I discovered another Linux box in my house.

I also recently acquired a NetGear Media Router. It's a regular router with the addition of a USB host port. This allows you to plug in a memory stick or a USB external drive to share as NAS storage. I was a bit surprised to see it show up in my Network Neighbourhood as a UPnP device named “Linux Internet Gateway“. There is also a GPL license in the box so I think that all points to it running Linux.

The device also has a nice feature that when you turn it on and it detects a network connection, it automatically decides to download and install updates to the flash bios. God forbid I turn the device off while it is doing this unbenounced to me. Bam, too late. I guess the power light goes from green to yellow when it's doing this. The 1 page card manual included with the device doesn't mention this nice “feature”. I found out the hard way. When you go the web page to administer the device in this mode you get to see that file system in it's raw form.

Downloading the manual tells me to reset the factory bios I have to hold down the reset switch with a pin for 90 seconds. Nice. I was able to do that but can't seem to get an IP out of the device any more.

I'm still evaluating the security risks of this device. It is slightly more secure with my data (via USB storage) by including a password on the administration of the machine - which is “password”. There is no password on the share it exposes and I can't see an option to put a password on the share so every body on my network (say when my geek friends come over and plug in) will have access to my financial records and family photos. Nice.

So I have accidentally installed 2 Linux boxes in my house with major security holes. I'm savvy enough to discover this on my own, but I doubt the typical residential consumers of these products would realize the security hole they are introducing into their personal data stores.

With the proliferation of these types of Linux devices into the average home, I'm sure this will draw the attention of script kiddies. Wouldn't it be cool to take over somebody's television set?  Maybe they'd throw some porn up during daytime TV, or steal my personal data - or delete it. Scary.

GDI+ Security Vulnerability

There is a new critical security vulnerability that affects a wide range of software that can't be easily patched through Windows Update. The vulnerability lies inside of GDI+ and can allow a maliciously formed JPEG image file to create a buffer overrun and inject malicious code - even through a web page's scripting or anything.

Windows Update will go ahead and update major components but you also need to go to the Office Update site as well as update a bunch of other software you might have on your machine.

In particular for developers, the .NET Framework (pre-latest service pack) and even Visual Studio.NET 2003 and 2002 are affected and need to be separately patched.

The full bulletin with links for all the various patches are available here.

If you go to Windows Update it will also provide you with a GDI+ Detection tool that will scan your hard drive looking for affected components. I strongly you recommend everybody jump all over this one quickly.

VS Live Orlando: Building "Operations-Friendly" ASP.NET Applications with Instrumentation and Logging

Yes, it's the longest title of all VS Live Orlando presentations! It's a big topic and it deserves a big name.

I'm heading out Monday night to hurricane country to deliver this talk on Tuesday morning. I like this topic because when you get into it, it's like an onion. It doesn't look like something terribly sophisticated but as you get into you find there are more and more layers to peel back.

Building Mobile Applications, Metro Toronto .NET Users Group

Tomorrow night I'm presenting at the downtown Toronto .NET users group - topic Pocket PC development with the CE framework. I'll have a new HP 4700 device with a VGA resolution screen for folks to take a look at - courtesy of your friendly neighborhood HP rep. I'll also have my trusty 5650 with the old form factor for you to play around with. Hope to see you there.


Shorthorn Longhorn

So this will cause a few blogs. I have just heard that....

  • Longhorn slated for 2006. Longhorn server 2007.
  • Winfx, and Avalon are coming to windows xp in 2006. Indigo as well - and on Windows 2003 as well. These are all part of WinFx that is going to be extremely important for .NET developers and companies wanting to take advantage of these improvements.
  • Winfs is leaving longhorn (post release). So that means ObjectSpaces and the Microsoft Business Framework too.

Wow. Never a dull moment. I'm attending a briefing with Jim Allchin in an hour so I might have more I can tell.

But will we also see a delay of ObjectSpaces or the Microsoft Business Framework until after the longhorn release. Those have been recently tied into WinFs - but no specific announcements about that - and I wouldn't be surprised if that changed soon.