IDG's newsweekly, InfoWorld, is moving to an online-only format (Read Steve Fox's, its Editor-in-Chief, discussion). Fox says that InfoWorld is not "going away," but so far the conversion of a print readership to online has been, at best, problematic. There have been some credible attempts ( Byte, for instance) but the problems are considerable, not least that the business instincts of a print publisher must be overridden regularly in this different medium. I'm not saying it's impossible, and wish success for Infoworld's staff, but this is yet another instance where I am grateful for having left the business aspects of publishing behind me.

In the airport today, I saw a fellow browsing Sudoku books. Flipping through them, seemingly evaluating pages as one might check out a writer's style. I thought about going up beside him, looking over his shoulder and saying "Well, that one's trivial," or "Oh, that one."

Last night I had a dream and it had something to do about useless wedding gifts. One thing was a quilted earpiece caddy for eyeglasses -- you slipped it on over the ends of your eyeglasses while leaving your glasses on the counter overnight in a cold climate, thus avoiding that annoying "gee, my eyeglasses are chilly," feeling that ruins so many a cold morning. What's sad is that I know if I pick up a Sky Mall in the plane, I'll see something even more absurd.

Naysawn has announced that the Visual Studio unit testing framework (MSTest) is moving into the Pro SKU of Visual Studio. That's a good start, but I want to lobby for going the whole way:

Please move the unit testing framework into the .NET framework.

Source: MSTest Moving to VS Pro
Originally published on Wed, 28 Mar 2007 08:35:00 GMT by Brad Wilson

And there was much rejoicing...

Of course, Brad's right that unit-testing libraries ought to move into the base library, but the VS tools are sophisticated enough to be implemented solely as VS add-ins.

I've never met Kathy Sierra. I don't subscribe to her blog. But I am utterly, utterly appalled to hear that she was subjected to death threats and, while those who threatened her are below contempt, nor should there by the tiniest portion of toleration for those who attempt to make light of such things. No. Wrong. That the Internet provides an amplification to the voice of the disenfranchised and the unhappy, to the untrained and the counter-cultural, is commendable, but in no way, in no way, does this excuse anyone, anyone from the power of the written word or from the affect of the public voice. That the Internet already plays host to hate, to misogyny, to racism, to all that shit -- in no way do those facts mitigate the responsibility of those who write.

Apparently, it is known who is most likely responsible for the threats. I hope they're prosecuted and I hope they go to jail.

Dream Games has extended their registration date for their Build a game in a year and increased the prize money to $10,000. They have also explictly stated that TorqueX based games will be allowed. Last date for registration is April 1st 2007

Source: Another $10,000 competition - for TorqueX Originally published by zman@thezbuffer.com

I almost landed a 25-article contract for high-performance programming for which I was going to develop a game. I had the games all designed, too. Oh well. None of us can afford a significant amount of programming for a purely speculative reward, but if you have the intention of developing a game anyway, what harm would it be registering for the contest?

The easiest Jolt vote I've made in years was for stpBA Storyboarding, a product which every architect and team lead owes themselves to evaluate. I would say it is revolutionary, but it is better than that -- it simply makes the way you probably already work vastly more efficient.

Essentially, it is a product that transforms screen-based storyboards into requirements and work-items. Based on (and in) Microsoft Office, you mock up screens using Visio and link them together using arrows. And then it transforms that into work-items. That's it. Simple. Obvious. Just works.

I could say that storyboards are one of the few diagrams that are universally comprehensible and producible by designers, users, and developers. I could say that usage-centered design, as laid out by Larry Constantine & Lucy Lockwood, is the most efficacious way I know to elicit requirements. I could say that the downside of storyboards has always been tracing their detail to and from work-items, and so they've traditionally been a "write once" work product. But I don't need to say that, because it's all so obvious.

It's really an eye-opening product -- download it, install it in a VM, you'll be happy.

The only rub being that I really do mean "install it in a VM." That it is essentially a Visio plug-in is both a strength and weakness of Storyboarding. Today, it only works with Office 2003. An Office 12 version is in development, but this is the type of product that, once you've tried it, you don't want to be without. Like all Jolt judges, I make extensive use of virtual machines (the awarding of a Jolt to VMWare Lab Manager was no shock) but Storyboarding was one where I felt that tuning up a dedicated virtual machine was very much the "way to do it." Perhaps due to the opaqueness of Office as a plug-in host, getting Storyboarding up and running took a little tweaking. If I recall correctly, before I attached the VM to the Internet to register/validate Office, there was some silent error that led to features not being enabled. Also, the workflow within Storyboarding was not immediately obvious, since it relies on its own pane within Visio and the potential is not quite unleashed by "press the buttons left to right." It's not a long learning curve, but it's longer than learning Peggle.

Highly recommended. (Storyboarding, not Peggle. If you wish to ever have a productive day again, I advise you not try Peggle.)

The Jolt Awards were announced last night. The list of winners is below. We had some particularly competitive categories this year (in Technical Books, I advise you to simply fill your shopping cart with the finalists). Most delightful, this was a year where there was some real innovation, which I'll highlight in some individual discussions.

1. Books General

Jolt Winner:

• Agile Software Development by Alistair Cockburn (Addison-Wesley Professional)

Productivity Winners:

• Catastrophe Disentanglement by E. M. Bennatan (Addison-Wesley Professional)
• Practices of an Agile Developer by V. Subramaniam and A. Hunt (Pragmatic Bookshelf)
• Software Estimation Demystifying the Black Art by Steve McConnell (Microsoft Press)

2. Books Technical

Jolt Winner:

• Head First Object-Oriented Analysis & Design by B. McLaughlin, G. Pollice, and D. West (O'Reilly Media)

Productivity Winners:

• Code Quality by Diomidis Spinellis (Addison-Wesley Professional)
• Refactoring Databases by Scott W. Ambler and P. J. Sadalage (Addison-Wesley Professional)
• CSS: The Missing Manual by David Sawyer McFarland (O'Reilly Media)

Jolt Winner:

• AccuRev 4.5 with AccuWorkflow (AccuRev)

Productivity Winners:

• AnthillPro3 (Urbancode)
• Perforce SCM (Perforce)
• Team Foundation Server (Microsoft)

4. Collaboration Tools

Jolt Winner:

1. Confluence (Atlassian Software Systems)

Productivity Winners:

• Adobe Acrobat Connect Professional (Adobe Systems)
• NetBeans IDE (Sun Microsystems)
• TeamCity (JetBrains)

Jolt Winner:

• Visual Studio 2005 Team Edition for Database Professionals (Microsoft)

Productivity Winners:

• Coral8 Engine (Coral8)
• Dbdeploy (ThoughtWorks)
• SQL Refactor (Red Gate Software)

Jolt Winner:

• stpBA Storyboarding (stpsoft)

Productivity Winners:

• Corticon Business Rules Modeling Studio (Corticon)
• MagicDraw UML (No Magic)
• Stylus Studio 2007 XML Enterprise Suite (DataDirect Technologies)

Jolt Winner:

• NetBeans IDE (Sun Microsystems)

 Productivity Winners:
IntelliJ IDEA (JetBrains)
IronPython (Microsoft)
Wolfram Workbench (Wolfram Research)

8. Enterprise Tools

Jolt Winner:

• Cape Clear ESB Platform (Cape Clear Software)

Productivity Winners:

• Liferay Portal (Liferay
• Appistry EAF (Appistry)
• Pentaho Open BI Suite (Pentaho)

Jolt Winner:

• NetAdvantage for .NET (Infragistics)

Productivity Winners:

• JViews (ILOG)
• .NET Framework 3.0 (Microsoft)
• Intel Threading Building Blocks (Intel)

Jolt Winner:

• Carbide .c++ Professional Edition (Nokia)

Productivity Winners:

• Crossfire (AppForge)
• NetBeans Mobility Pack and Sun Java Wireless Tookit (Sun Microsystems)
• Qtopia (Trolltech)

Jolt Winner:

• Rally Enterprise (Rally Software)

Productivity Winners:

• 6th Sense Analytics (6th Sense Analytics)
• Teamwork (Open Lab)
• V1: Agile Enterprise (VersionOne)

Jolt Winner:

• AppScan (Watchfire)

Productivity Winners:

• DevInspect (SPI Dynamics)
• Fortify Source Code Analysis (Fortify)
• Metasploit Framework (Metasploit)

Jolt Winner:

• AgitarOne (Agitar Software)

Productivity Winners:

• Mindreef SOAPscope (Mindreef)
• Parasoft SOAtest (Parasoft)
• TestComplete (AutomatedQA)

Jolt Winner:

• TestTrack Studio (Seapine Software)

Productivity Winners:

• JIRA (Atlassian Software Systems)
• OnTime 2007 (Axosoft)
• Software Planner Professional (Pragmatic Software)

Jolt Winner:

• VMware Lab Manager (VMware)

Productivity Winners:

• Adobe Captivate 2 (Adobe)
• ElectricCommander (Electric Cloud)
• Textmate (MacroMates)

Jolt Winner:

• Adobe Flex 2 (Adobe Systems)

Productivity Winners:

• IntelliJ IDEA (JetBrains)
• Mindreef SOAPscope Server (Mindreef)
• NetBeans Visual Web Pack 5.5 (Sun Microsystems)

Jolt Winner:

• Sun Developer Network (Sun Microsystems)

Productivity Winners:

• CM Crossroads (CMC Media)
• Koders.com (Koders)
• Krugle (Krugle)

HALL OF FAME

• IBM developerWorks (IBM)

I started to write a post on version-control patterns ("How to pack your trunk") when I realized what a can of worms it was. Essentially, every time I wrote down "the way I've always done it" I realized that there were always trade-offs -- that what worked in some situations wouldn't be appropriate in others. In other words, that there really was a need for a pattern language for discussing version-control / change-management.

I'm not talking about "use version control," which has (thankfully) become standard. I'm talking about the organizational memory of your software development team. For instance, I generally organize by deployment task -- /Web, /App1, /App2, /Utilities, etc. But in a more service-oriented environment, it might definitely make more sense to organize in a more use-case driven manner: /admin, /tradingpartner1, /tradingpartner2, /internalclient1, etc.

Umm... Am I missing a well-known resource on this issue? Basically, the post quickly grew towards article length while hardly scratching the surface. I could throw up a Wiki on the topic easily enough, but I don't want to duplicate effort. Thoughts?

Perhaps Twitter is the rock-and-roll of a generation that I am too old to get, but even with my vast ego, I find it inconceivable that anyone would want to receive an SMS of the minutiae of my life ("Driving to Costco," "Taking a break and throwing some darts").

However, every real project that I work on involves logging and developing some kind of "heartbeat monitor" for the administrators. If Twitter is easily hackable, perhaps it could be used as the infrastructure for logging. Hmm...  

Thee UMPCs up for grabs in this CodeProject programming competition:

...must allow new means of input: ink, touch, and more. Build a great application that encompasses these needs, write an article about what you’ve done, and you may win one of three cool Samsung Ultra-Mobile PCs.

One winner per month, 3/15/07–6/15/07.

Hmmm.... maybe make that two UMPCs still up for grabs ...

Unusually, I find myself disagreeing with Jeff Atwood and his statement that "Any 404 page that has the characters "404" on it, if not already an outright failure, is already well on its way to becoming one." Jeff's larger point is that one not use the default 404, which is good advice. But I think it's a mistake to actually remove the code, which is concise and meaningful to experienced users.

I wasn't going to name names, because I do not know the vulnerability which allowed a rootkit to be installed on my system. I may well have been the source of whatever vulnerability by which the system was compromised.

But this "Hacker Safe" blaze front and center on the iPower homepage is infuriating. The blaze is provided by way of ScanAlert. Judging from the logs that I saw before I was disconnected and lost the system, multiple machines within the same subnet as mine were compromised. The technical support from iPower was beyond unhelpful: the "live technical support" is provided by a call center that is not physically located with the data center. After the initial problems on Tuesday, we requested a local reboot and tighter reconfiguration. They couldn't do it. Their only offer was to repave the machine and make it available to us over the Internet without any hardening of the attack surface! They couldn't even activate a firewall for us or modify the ACL. We told them to go jump in a lake earlier today -- four days after we discovered the compromise. Oh, and they're not refunding us any of the $7,000 or so we paid to set up (multiple) servers with them.

iPower is "Hacker safe"? I suppose so, in a sense.

Highly not recommended.

Jon Udell suggests that if we have travel-like learning experiences online, then perhaps some of the non-obvious benefits of travel would also accrue in online environments. It's a nice thought, but I'm thinking that you don't necessarily choose "Gears of War" as your meeting ground.

However, the real-world development of software product lines is hampered by the real-world limitations of maintaining a stable center as the product-line offerings spin off in a widening gyre...

Going Over the Software Product Line is the title of my latest SD Times column.

So one of my servers is totally compromised by a rootkit called Hacker Defender. I've spent the day trying to clean it off, and I think I just pronged it for good (cross my fingers). It's funny how I discovered the problem (and by funny, I mean, there's nothing funny about it this): my Tomcat-based task manager (Jira) stopped working. It threw a ClassNotFoundException when loading. That's odd, thinks I, and switch to the relevant /classes directory and -- sure enough -- the /com folder leading to the classes is gone.

I sent out a message to users ("Who fracked with the server?") and, after some stumbling around, explicitly unpacked the classes into that directory and ... they disappear ...

It turns out that the rootkit (or its payload) installs a significantly sized Java-based web service and then hides the .class files from Windows (I think the evil hidden process actively hooks kernel .dlls and hides .class files). Well, the same logic that hid the evil Java classes hid my good Java classes. And thus began my education.

So, long story short: I highly recommend Sophos Anti-Rootkit, which was able to diagnose the rootkit automatically and not-quite-automatically allowed me to locate and delete the critical initialization file that re-infects the system every time it is rebooted. (It is not enough to delete the driver!)

Now that the hidden files are visible, what does it turn out my system was doing? Trading movies. These guys f***ed with my system in orded to swap a cam of Norbit in German. F***ers.

Okay, so now I have logs of a whole bunch of machines, all presumably in the botnet. Do I send these to someone?

Update: OMFG. Someone from a British Telcom range just logged on (anonymously -- how the f*** is he doing that? The guest account was never enabled, I've changed the name of the admin account, I've changed every password on the f***ing system), booted me off, and now I can't access via Remote Desktop. Well, it was a nice server while it lasted...

The weekend box office receipts aren't yet published, but if Makalapua Cinemas in Kailua Kona are any benchmark of the American viewing population (and they aren't), I predict that 300 will either set or approach record revenues.

We actually saw Zodiac, which was excellent (it's ending challenges you to consider the gap between "preponderance of evidence" and "beyond a reasonable doubt," and does so not from an authorially introduced ambiguity, but from the question of human obsession projecting patterns into mountains of circumstantial evidence), but there were huge lines for the multiple screens showing 300.

But the real joy was two boys in line locked in combat on the battleground of Thermopylae. 

Now, it may be that the history of the Greco-Persian wars are taught in some crusty ivy-shrouded prep school in Connecticut, but I'm quite certain that it's not in any curriculum in Hawai'i. And, let's be honest, it's not in that category of "things a curious teenager might be expected to know." That there was a city-state called Sparta -- sure. That they were famous warriors -- okay. Other than that, I insist that everything I heard was either made up on the spot or gleaned from Wikipedia in anticipation of the movie.

Which is fine. That's how I learned about the battle of Thermopylae. But what was classic was that these two young men were trying to impress several lovely young women and, locked in intellectual battle, carried themselves well beyond their depth. And, having misremembered vital details of the Wikipedia article they found themselves not only (wrongly) explaining the outcome of the battle, they were asked by the young ladies what happened next in the war. Which they didn't know. The one lad's courage failed and he stammered something "Well, watch the movie," while the other, bold warrior, took the chance and won the battle-for-fair-hearts by saying that the Persians retreated. And then, sadly, I had to go get my bucket of popcorn.

 Human drama. It never changes. He was a smart kid and I hope that he finesses his way out of his problem. He'd done the critical thing: getting the girls interested. Enthusiasm, confidence, a good story: Well done. But, my boy, you have to know "what happens next?"

The Pragmatic Programmers have a very good sense of software developmet trends -- they're doing today what O'Reilly did in the early 90s. Coming in July from them is Joe Armstrong's Programming Erlang. Erlang is seen by programming language mavens as one of the real contenders for the crown of "most practical language for writing concurrent programs." I haven't sensed any real groundswell for Erlang recently, but a great book on the language might well contribute to an uptick in popularity.

I don't know if I missed an epochal MSDN article or what, but all of a sudden, PowerShell scripts are everywhere. There are too many to point to, but when it gets to the point of posting World of Warcraft utilities, something's afoot.

Andrew Binstock discusses a talk with Agitar about "how many unit tests are enough?" The upshot is that if the amount of test code is roughly equal to the amount of application code, that generally translates into code coverage of around 70% and is generally "pretty good shape."

I think that's probably about right, although I'll admit to rarely maintaining that level in a serious project -- shame on me.

I know that sounds like a some kind of Bayesian spam-evader, but apparently Edward Herrmann, a programmer at Colgate-Palmolive, and colleagues hacked their Wii controller to send messages to their Ruby On Rails application, which drove their SAP system (film after the jump). What a geek-tastic transcendance of normal categories.

Thanks to Anthony Beecher for the tip!

Normally, I don't have a lot of problems making decisions like this, but I've changed my mind 3 times about which book will get my top vote in this year's Jolt Awards for Technical Books. This is a very, very good set of books:

Books (Technical)

Code Quality (Addison-Wesley) by Diomidis Spinellis

How to Break Web Software (Addison-Wesley) by M. Andrews, J. Whittaker

Java Concurrency in Practice (Addison-Wesley) by Brian Goetz et al

Rails Recipes (Pragmatic Bookshelf) by Chad Fowler