Dylan Smith ALM / Architecture / TFS

Headed over to the Boston Convention Center today for the pre-conference session, and the keynote.  I was booked for the pre-conference talk on Software Architecture.  The thing ran from 10am - 6pm, with a bunch of breaks in between.  So it was pretty long.  It was hosted by Ron Jacobs, and he is an amazing speaker.  The content was kind of hit and miss, I found some of it really interesting, but half of it was just kind of “blah”.  The lecture was interspersed with a bunch of live interviews that Ron did with certain industry people right up there at the front, asking them questions about their opinions and experiences with the topic at hand.  Was a nice way to break up 7 hours of PowerPoint.

Some of the stuff that was said really rang true, especially about users not being very good at expressing (or even knowing) what they need/want.  But that they are very good at telling what they don't want, or when what you show them isn't right.  I run into that every day at Westeel, and it got me thinking about how and if we could/should adopt a more agile approach to try and better work within our circumstances.  Ron recommended a couple books which I might pick up from the bookstore if they have them: Head First Design Patterns, and Anti Patterns.  If you've read either let me know what you think in the comments.

One of the interviews they did was with a CTO (I think) from a company that makes software for banks.  The topic at hand was security.  Hearing about all the effort that is put into security around bank software was pretty interesting.  To give you an idea, he was talking about the massive efforts they go to to eliminate single-point-of-failure scenarios, one of them being a network load balancer.  The way they avoid the situation is by having each web server perform its own load balancing between it and the business tier by constantly monitoring the business tier servers using an electronic “heartbeat”.  Each web server then has its own data about which server can best handle a request at any given time.  And the load balancing is completely independent on each web server, so if any one web server goes down it doesn't affect the load balancing being performed on the rest.
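The per-server balancing described above, sketched as an added example (not code from the talk or from the vendor): each web server holds its own `LocalBalancer`, treats a business-tier server as down once its heartbeat goes stale, and routes to the least-loaded live one. The class name, the 3-second staleness window and the `biz-a`/`biz-b` hosts are assumptions made for illustration.

```python
import time

class LocalBalancer:
    """One web server's private view of business-tier health, built from heartbeats."""

    def __init__(self, backends, stale_after=3.0, clock=time.monotonic):
        self.stale_after = stale_after  # assumed: seconds of silence before a server counts as down
        self.clock = clock
        # backend -> (time of last heartbeat, reported load); None until the first heartbeat
        self.state = {b: None for b in backends}

    def heartbeat(self, backend, load):
        """Record a heartbeat reply; load is the self-reported busy fraction, 0.0 to 1.0."""
        if backend not in self.state:
            raise KeyError(f"unknown backend {backend!r}")
        if not 0.0 <= load <= 1.0:  # never trust a reported value without range-checking it
            raise ValueError("load out of range")
        self.state[backend] = (self.clock(), load)

    def healthy(self):
        """Backends whose last heartbeat is still fresh, mapped to their load."""
        now = self.clock()
        return {b: s[1] for b, s in self.state.items()
                if s is not None and now - s[0] <= self.stale_after}

    def pick(self):
        live = self.healthy()
        if not live:
            raise RuntimeError("no business-tier server has a fresh heartbeat")
        return min(sorted(live), key=live.get)  # least loaded; ties broken by name

def demo():
    """Constructed scenario: biz-a stops answering, then web server 1 itself goes away."""
    t = [0.0]
    clock = lambda: t[0]  # fake clock so the run is deterministic
    web1 = LocalBalancer(["biz-a", "biz-b"], clock=clock)
    web2 = LocalBalancer(["biz-a", "biz-b"], clock=clock)
    for lb in (web1, web2):
        lb.heartbeat("biz-a", 0.20)
        lb.heartbeat("biz-b", 0.60)
    first = web1.pick()          # both fresh, biz-a is less loaded
    t[0] = 2.0                   # only biz-b answers this round
    web1.heartbeat("biz-b", 0.50)
    web2.heartbeat("biz-b", 0.50)
    t[0] = 4.0                   # biz-a's heartbeat is now 4 s old, past the window
    del web1                     # losing one web server leaves the other's view intact
    return first, web2.pick()
```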

Another concept they talked about was the importance of Defense In Depth, referring to the practice of having multiple redundant layers of security so that if any one layer is compromised, there are still other mechanisms in place.  A good example he gave was of a buffer overflow vulnerability found in the WebDAV portion of IIS not too long ago.  They issued a patch for Windows XP, and 2000, but Windows 2003 was not affected because it uses a Defense In Depth approach to security:

1) The specific vulnerability was actually removed during a security code review of Windows 2003 during development.

2) Even if the vulnerability still existed, IIS is disabled by default

3) Even if IIS was enabled, WebDAV is turned off by default

4) Even if WebDAV was turned on, the input in this specific case is limited to 16kb

5) Even if the input wasn't limited, the buffer overflow wouldn't be a security breach because the code was compiled with the -gs flag to prevent buffer overflow attacks

6) Even if the code wasn't compiled with -gs, by default the w3wp.exe runs under the Network Service account and doesn't have privileges to anything sensitive.

 

The keynote later that night was ok.  The technology they talked about was not really my cup of tea, and it was a lot of marketing speak.  They did a spoof of 24 called “4” where they had a set of 4 videos, a couple minutes each on the 4 promises Microsoft is making to its customers.  It was pretty funny stuff, and they brought out the actor that plays Chloe in 24 to talk to us for a while.  She was pretty hilarious, and looks a lot better in person than on the show.

After the keynote was over, about 10,000 people made a mad dash for the shuttles to get back to their hotels.  I felt a lot like cattle being herded.  When we got on our bus the driver stood up and asked if anybody knew their way around because he was from out of town and didn't know his way around too good.  We all had a good laugh at his joke... until he got lost and we realized he wasn't joking.

After dropping my bags off I headed out for a bite to eat with some EDS guys, and realized just how happy I am with my hotel room.  The one that D'Arcy from EDS has is about the size of a large closet. I'm at the Marriott and my room is up on the 35th floor with a great view of downtown Boston.  It's got big floor-to-ceiling windows, and a nice big room.  One of the nicer hotels I've stayed in.

When I figure out how to get the photos and videos off my RAZR I'll post some of the better ones on my blog.  D'Arcy got a bunch of great photos of the keynote with his fancy camera.  I'll grab those off him tomorrow and post a few on here.

Posted on Sunday, June 11, 2006 9:52 PM


Comments on this post: First day of Tech-Ed

# re: First day of Tech-Ed
I read the Head First patterns book and loved it. It's just fun to read and along the way has some great ways to think about how patterns fit together. It helped expose some design flaws in my own project.
Left by Mike Nichols on Jun 12, 2006 12:21 AM
