Wednesday, February 23, 2005

MS Security Summit review & feedback

The Security Summit was yesterday and I promised a few people that I'd provide some feedback. So here we go.

I should point out that I spent all my time in the MSDN Track as I was more interested in upcoming technologies rather than security per se.

For reference check out the agenda.



The keynote, delivered by Microsoft VP Bob McDowell was delivered with skill and style. Compelling and passionate, Bob obviously revels being on stage. It was fantastic watching him, even though I felt that he only lightly covered any topics of relevance to security. He seemed more determined to rebut Nick Carr's popular article of 2003 "IT doesn't matter". However, rarely have I seen such a wonderfully presented speech - no slides, no fancy displays, just a gifted and polished presenter. Inspiring.



Next up was Jason McConnell giving an overview of Visual Studio Team System. I've been reading Jason's blog for awhile now - hey he's a Melbourne boy! - and VSTS was one of the reasons I was there so I was looking forward to this presentation. But, sorry Jase, I was disappointed. Maybe it was because he was following up the energizing McDowell but I felt that he was lacking punch, that he was underprepared and that the slides were poorly organised. Jason seems like a terrific guy so I'm putting it down to a case of "holy crap, I've gotta head off to Redmond in a coupla weeks!" syndrome. All the best in your new job Jase!



Next was Darryl Chantry and Sean Salisbury with "Testing for Quality Code". Darryl is a kiwi and spoke for the first half of the presentation about various tools that Microsoft use and provides today - tools like the excellent FxCop and PREfast - as well as how they're going to bundle in unit testing and perf testing etc in future versions of Visual Studio. Nothing terribly new but interesting nonetheless. However, like Jason, Darryl was lacking energy. Guys, at an event like this we want to leave the room excited about your products - give us something to get excited about, deliver with energy!

Oh, and Darryl, is there going to be some sort of tool to perform GUI unit testing? The only reasonable solution I'm aware of is NUnitForms (WinRunner and other recording-based tools don't cut it in my experience) and since Microsoft seem to be replacing all the other third party tools... ;)

I inwardle groaned when I realised that Sean was there to present about his companies product - sounded like we had a sales pitch coming. But I was pleasently surprised. It was a plug, no doubt, but Compuware's products look first class. They would certainly complement the Rational toolset that we use. In particular, the new Fault Simulator and Security Checker looked great. FS allows you to simulate various system errors (low disk usage, out of memory etc) so that you can exercise your error handling routines. SC closely examines your ASP.NET code at both compile and run time to try and find security leaks and , if found, suggests ways to fix the hole. Nice. Their other tools helped tune and profile memory, review code, analyse performance, determine code coverage, detect thread deadlock and many other neat features. I do believe the tools are expensive though. Good job Sean, you got me interested in your products though I do have some concerns about the potential difficulties in creating automated scripts with Fault Simulator.



After lunch Darryl was at it again, this time with David (didn't catch his last name). By this stage I was getting tired - I had woken up at 6:30 that morning which, for me, is way early. So their presentation, entitled "Design for Operations with Visual Studio Team System" was struggling to hold my attention. Darryl again seemed flat - though I've got to mention that he seems a genuinely nice guy - but the demos were a highlight. On the technology front, a lot of it was about trying to help architect solutions by providing higher level tools to represent blocks of a system. I think the idea has promise but, even after the session, I've yet to see major benefits to using these tools. Mind you, they do look cool.

I skipped the next session as I needed some fresh air to stay awake, so I went for a walk along Southbank and picked up a free coffee at an iBurst promotional tent along the path. Was a reasonably decent coffee. And the iBurst service - wireless broadband - is gaining momentum and coverage. I read my blogs from their booth and found the speed of the connection, as promised, very fast. It's still expensive but not ridiculously so.



Anyways, the next session was "Deploying applications with ClickOnce" hosted by Andrew Coates. Another familiar blogger, Andrew's presentation was pretty kick-ass. he's obviously excited about the technology and loves giving presentations. ClickOnce is looking good - I've been playing with it in the November CTP but Andrew gave a simple yet powerful demo of many of it's features that I hadn't used, like the various ways to check for program updates. ClcikOnce is finally making the implementation of a conceptually simple process simple. Try saying that four times fast. Good work Andrew - especially in light of an IDE crash! But hey, where's my book?! ;)

And has ClickOnce been standardized so cross platform development is - at least in theory - possible?



The final session for the day was an "Introduction to Programming with SQL Server 2005" by Greg Low. I'm not a passionate database user but Greg's presentation was terrific. His quiet demeanour couldn't hide the fact that he loves his work. Especially Yukon. He's got reason to enjoy it, Yukon is looking pretty awesome. The idea of having an accesible CLR in the lower layers warms my cockels. And, although Greg emphasised that the idea isn't to have a database act as an object store, that idea really appeals... He also showed us that T-SQL isn't dead, with a host of changes in store on that front. Covered a lot in a short amount of time - and Greg probably could have filled a whole day on half of the topics. We were the last session to finish...

Thus the summit ended. A pretty good day and, despite some "flat spots", I'm glad I attended. Thanks to Microsoft for putting on such a large event, it was really appreciated by me and everyone I talked to. Apart from the minor delays in registration everything ran very smoothly, even the obvious unpredictability of McDowell's keynote! The MSDN connection benefits were nice (speedy rego line & the lounge area) and I encourage you guys to continue to push that service. Can't wait to see the PDC come to town. ;)

Now, where were the G'Day World lads? Cam, you only live fifteen minutes away, where the hell were you? ;) Some of these sessions would have been really good podcasts...

And it's a pity that Frank Arrigo couldn't be there, many people were keen to meet him. Hopefully next time.

The post-summit festivities were fantastic, but that's for another posting, for now I've gotta get some sleep!

[Update: Photos are inline!]

3 comments:

Anonymous said...

I would have loved to be there, especially since *I* am a Melbourne boy too, but I was indisposed.

Good to see you had a good time.

cheers
Frank

William Luu said...

Cam, I think he meant he'd love to have seen you come along to the dinner for a conversation.

Matt said...

Firstly, yeah, it would have been good to have Cam there after the sessions, at The Pub and Blue Train - just so we could meet the Napolean & coffee lovin' fella, and that he could get amongst some of his fans. (!)

Secondly, I understand that G'Day World is trying to remain product-neutral but some of these sessions were really useful...nah, actually you're right; it isn't really a G'Day World 'thing'. Perhaps it would have been a better fit for IT Conversations.

Thirdly, there were quite a few interesting people at the dinner - especially myself of course - and you could have stuck a mic in front of their faces for a couple of minutes and gotten some pretty interesting content. Probably not but maybe!

Anyways, it would have been nice to meetcha Cam. :) Another time.