Category Archives: Uncategorized

Technical Consulting

Life changes pretty fast sometimes when you aren’t watching. I woke up today and realized that much more of my work is involved in keeping projects on the straight and narrow and much less is spent making database fields show up in the right place and with the right user access set. For that reason I am changing gears and will leave most of the technical details of our projects to

EDC 2008 Session on Index Optimization and Performance Tuning

I have recently finished my last presentation here in Cairo at the EDC 2008 and wanted to start getting my presentations uploaded for all those who were asking about them. To make things run faster I am uploading them each in their own post especially since the AJAX example hasn’t been packaged yet.

I covered Indexing in SQL Server including what works and what does not work. I was very happy that my friend Mohammed Meshref from the Microsoft SQL Server team was on hand to both help and to be picked on ;)


EDC08 SQL Indexing and Perf Draft 2.ppt (546.5 KB)

Rootkits are everywhere

In the media and likely on your network!  I am suprised (pleasantly) to see so much attention being paid to a lurking menace.  Jon Box recently posted about it on his blog and called for a few of us to comment (which I did).

The fact of the matter is that Rootkits are like the devil, their greatest trick is to convince the world that they aren’t there.  They don’t show up in task manager or on service lists.  That is the whole point.

Luckily as I said the media is getting in on the scoop as in addition to Jon, Eweek has posted a pretty good article on the topic.  When you read this you should ask yourself two questions.  First how do I check for these things and get rid of them if they are found and second how do I see what is actually stored on my network.  It turns out that the hacked server becomes file server for media files is a common theme.  I recommend solid auditing and solid storage reporting as the primary ways of getting a handle on this.  For the reporting side we use Storage M&A by NTP Software.  It has the added benefit of helping protect you by keeping forbidden file types (i.e. *.vbs and even *.exe) from being written to your drives.  Exception based policies allow you to be flexible when needed, but you fix it if you don’t know it is broken.

Change in Blog

As you might have noticed I am reworking my blog (bit of a face lift and some bug fixes), but I am also changing the URL.  I registered and while I am leaving the blog accessible from the old address I am changing the redirects so let me know if it causes trouble.

Lets hope I didn’t break anything.

Very interesting contest!

Thom Robbins of MS New England fame has come up with another very interesting event!  Right on the heels of a very successful Code Camp 2 this past weekend he has announced a development contest where you can win a Mobile Device.

Check out the details on Thom’s Blog.

Should be interesting to see how far people will go.  As I understand it there are alot of devices being given.

Firewall or die…

There was a time when I believed that I could keep a server secure enough that I could get away with not putting it behind a firewall.  This used to entail just having a security plan and minimizing the attack surface.  Then it got harder and harder to keep up.  I held out for as long as I could, but sometime in the last year I got to the point where I won’t put anything I care about directly on the Internet.  The Internet has experienced what seems like the fastest neighborhood slide in history! 

This may seem obvious, but the important point here is the progression toward this point.  Where next?  Will we be taking things like smartcards for granted the way firewalls are now?

Security is a game that evolves, if you can get ahead of the next evolutionary turn you can prevent unpleasant surprises.

What do you think will be taken for granted in 18 months relative to security?

Blogging enters the battle…

I have been considering starting to blog for a long time.  There were false starts and pronouncements that I would begin that were left unfulfilled.  As I write this first entry I realize that I picked the correct name for this journal – Tech Siege.  The reason is that since before I left the military I have been trying to grok it all.  The more I assimilated the more I realized I was clueless.  I have a family and non-technical interests, but I find them shunted to the side often as I pursue that next concept that will finally round out my knowledge.

So with luck this blog will help me (and you maybe) focus on striking the balance.  I don’t expect to be gushing very often about non-technical topics, but I assume they will slip in without my being lynched.  If I do it right then I will learn as much (if not more) than anyone else who reads here.  Isn’t it true that when we look at code we wrote last year, that is when we realize how we have grown as a developer.

Computer Security will be a common theme and that allows for mammoth tangents.  We will see how it goes, only time will tell.