It has often been said that Sydney is made up of tribes. This definitely holds true in the cycling world as well. Commuters don’t want to talk to roadies, roadies don’t want to talk to roadies from other clubs, etc etc.

As a result, it can be very hard to find people to ride with, or talk to about bikes. There are a number of forums on the net, some of them even have Australia specific areas however Sydney is never represented there as much as it should be, in part because the camaraderie of Melbourne cyclists mean that they discuss a lot, and Sydneysiders discuss little.

I’ve long wanted to build a site to help this situation a little, the usual excuses stopped me from doing it (you know, working, spending time with my young family, and actually riding my bike etc). Then recently Phil was experimenting with Ning and eventually I went and had a proper look at it too. Ning is the perfect toolset for building what I had in mind, so I really had no reason not to do it.

I present to you, in full Web 2.0 Beta glory : www.sydneycyclist.com

It’s still only a few days old, and things are still being tweaked. But if you are a cyclist in Sydney, please come and join us and say hi!

On the tech side, Ning is an incredibly cool platform – once I’ve spent some more time with it I might do a post from the technology angle.

It’s been a while since I attended any developer events, but this post by Greg Low piqued my interest. The folks at Readify wanted to hold some fortnightly training sessions to keep their distributed workforce up to date on all the new stuff coming out of Microsoft at the moment, and then decided to open the sessions up to the public. The Readify Developer Network is the result.

The first session was tonight, and happened to be an in depth intro to Silverlight for developers. Silverlight is something I’ve been playing with lately so I went along. Before the Silverlight session we had a shorter intro to Windows Presentation Foundation by Paul Stovell. I’ve known Paul for a few years now but had never seen him do a presentation. Despite been a bit short for time and having to skip over a few things I thought it was a good intro to the technology. WPF isn’t something I’ve had a close look at, so I walked away with a much better picture of how it works.

The main event though was Phil Beadle’s talk on Silverlight. I went in hoping to find some solutions to some of the walls I hit when I started playing with Silverlight 1.1. My problems are mostly to do with the security sandboxing, and not being able to call media files across domains (i.e. a site at http://foo.com/ couldn’t play a video from http://media.foo.com/). Unfortunately I didn’t get any good answers other than these are things that should change in the near future.

The main thrust of this talk wasn’t media though. Instead it focused on how Silverlight applications can interact with HTML and JavaScript inside the browser. This part was very interesting, I had touched on this during my experiments with the technology, but hadn’t quite realised just what a powerful tool it is.

Depending on what changes Microsoft make to the Silverlight bits and how quickly they make them, it could be a very fun technology.

Anyway, if you’re a developer in Sydney, Melbourne or Canberra – I think these sessions are well worth a look. You’ll most likely find me at the SQL Server 2008 and the Powershell sessions at the very least.

I’ve just made the jump from Windows XP to Vista. I was getting asked more questions about it, and having to support applications running on it, and I really wasn’t able to answer with anything more than an assumption. On top of that, my 12 month old XP install was getting creaky, waking itself up in the middle of the night, taking way too long to boot and generally annoying me.

So far Vista has been reasonably painless, after I tweaked it a little to turn off the annoyances it’s performing nicely.

Something that drove me absolutely nuts is that although Firefox was the default browser, a number of applications (including Google Desktop and Trillian) were opening links in IE. This is a known issue for both Google Desktop and Firefox but the recommended fix didn’t work for me. What finally did fix it for me was going into Default Programs, choosing the “Set program access and computer defaults” and making sure that Internet Explorer wasn’t selected as the default browser there. Obviously there are a few levels of default, and one of them wasn’t being set properly for me.

I’m blogging this in the hope that it helps someone out, I couldn’t find this answer anywhere.

The Google Earth blog has posted up a link to this years Tour stages as a Google Earth KMZ file. This is a great use of GE to preview the terrain that we'll be seeing in July. If you look closely you might even catch some of the Men in Black doing some secret training.

Warning : Geeky excitement to follow.

I'm just starting on a project that involves a bit of Javascript. I've long been a proponent of unit testing in my .NET projects, and I've been a fan of log4net for over a year now, so I was incredibly happy to find that someone has ported JUnit to JavaScript and called ..... JsUnit. There is also a very nice implementation of a log4j / log4net logging library called log4javascript.

Now I just have to sit back and wait for James to tell me how he's already built his own :)

While the world is going a little nuts over 2.0 applications at the moment, I've been finding and playing with a bunch of cool open source desktop apps. I have to thank Lifehacker for pointing me in the direction of most of them, but here's a roundup of a few I like (it's an ironic twist that Lifehacker is a site about productivity, but you could waste 8 hours a day if you tried everything they suggest).

Synergy

Synergy is a client server application that lets you control multiple computers with one keyboard and mouse. You install it in server mode on the machine you want to use as the master, and connect the others as clients. When running, it's just like having a multiple monitor setup, except they are separate machines. When your mouse moves to a new monitor, you are then controlling that computer. The really cool thing is that it works across different operating systems, so you could have a Windows / Mac / Linux setup if you wanted. 

Get it here, and there is a nice tutorial here. For pretty much any OS.

XML Copy Editor

This one is a fast and free XML editor. Those of us who don't want to shell out for Altova's XML Spy have been using Cooktop for years, in a constant state of upset that development has stopped on it and we have to live with it's quirks. This one is a nice alternative, and the XPath evaluator works really nicely. Get it here. For Windows and Linux.

Keynote

I've actually had this one around for keeping notes for a while, but recently started using it as my main todo list and task tracker, something it excels at. Keynote is a multi tabbed outliner and notetaker that lets you keep rich text notes in pretty much any structure you like. Development has unfortunately stopped, but it has a large following of people that have looked for alternatives but keep coming back to it. It's Windows only, but can be downloaded here.

KeePass

This is another one I've been using for a while, but I use it every day and it's definitely worth a mention. KeePass keeps all your passwords and logins in one place, nice and secure. It also will generate random passwords for you so you don't end up using the same password everywhere you go. Windows only, available here.

osalt

OK this one is a website, but a cool one. It's a directory of open source alternatives to popular commercial software. Well worth a look.

SubSonic

This one is more developer focussed. SubSonic is a toolset for .NET development that looks like a good combination of data access code generation and O/R mapping, as well as some Rails like features like scaffolding controls. I'm looking closely at this one for a coding project I'm about to embark on. Check it out here, there is also a good screencast that shows it in action.

I've been having a crazy few weeks, and haven't had the mental coherence to write much. But there have been a few things that have crossed my path that are worth mentioning.

Techy

Twitter

After a few prods I started playing with Twitter (or should that be Twittr). At the moment it's a bit of fun, but I can see it as an idea that will have some useful applications, when someone figures out what they are.

Tiddlywiki

Tiddlywiki is a totally self contained, client side wiki. It's very slick, I think I'm going to try it out for a few weeks to keep some project notes and see if I like it.

Google Mail for Domains

After hosting my own mail servers for a few years I'm getting sick of dealing with spam issues, not to mention uptime paranoia. Google have started offering their "Apps" package for your domain, and that includes email. So now I have Google doing all the work for me, I have a GMail web interface if I want it, while retaining full POP access. Awesome!

C# Command line parser

In the seriously geeky category, I had to write a command line application the other day with a bunch of optional parameters. Rather than parsing all the arguments myself I went looking for a decent open source library to do it and found this one. It works very well and saved me a stack of time.

3 Netconnect card

I've been working in some environments with a less than practical network connection lately. So I signed up to 3Mobile's new HSDPA service and got their Netconnect card. Read about it here. It's working well, and I have better than ADSL speeds all over the city. Yay!

iPod without iTunes

I recently found an iPod Shuffle on the road, it had obviously been dropped out of someone's car window, or left on the roof and forgotten. It was great until I left it in my cycling jersey and washed it. By then I loved the thing and had to buy another one (this is the old style shuffle, not the new one). Anyway, I've come to really appreciate Apple hardware, particularly iPods, but I HATE HATE HATE iTunes. So, as a standalone iPod manager, check out the freeware YamiPod. Or, and I can't believe this isn't huge, MGTEK doisp is a plugin to that integrates any iPod with Windows Media Player 11 that allows you to sync just like you would a Windows Media device. It just works. Like I said, I can't believe more people don't know about this.

Cycling

If you've been following the various cycling blogs in Australia you'd know that the pressure is being applied to the parties in our upcoming state election. So far the Labour Party have failed to respond at all, hardly surprising as all their decisions point to the fact that they'd like us to just go away and buy some more cars and pay some more tolls to be stuck in traffic jams. The Libs put out a policy, which for the most part is pretty good (Phil has the rundown). What struck me was the snarky point that seems to be aimed squarely at Critical Mass. Now, if you've read this blog you know I'm hardly a supporter, but the way it was phrased, and the fact that it was there annoyed me a little. So I emailed the author (Peter Shmigel) and asked for a clarification about why such "bicycle protests" were illegal and got a response worthy of Yes Minister.

The statement means nothing more or less than it reads and isn't directed at any particular person or group.

Sigh......

On a happier note, anyone in Newtown tomorrow night (Friday 8th) check out the opening of the first art exhibition at Cheeky Transport.

Music

Sydney funksters Kid Confucius' new album Stripes is out. Go buy it. NOW!

I can't pass this one up, a story that involves cycling and Google Earth.

The Tour of California starts on the 18th and some cool technology is coming into play. A handful of riders will be carrying GPS units on their bikes that will transmit location data which will end up used, among other things, on a Google Maps mashup and a Google Earth feed.

I was involved in the first live Google Earth feed for a sporting event while working on the Sydney to Hobart site, so it's fun to watch other events do similar things (albeit with a much bigger budget). Last year this event had a really nice Google Maps integration to track the current stage, but it was manually entered data. This year they have much cooler toys to send realtime data over the mobile phone network.

More details in this Wired article.

Ever been woken up and had a conversation with someone that you don't remember properly later ?

I have. A few years ago I'd been up until the wee hours of the morning writing code for some deadline project. At about 8:30 am my mother rang me to talk to me about something, she said "you sound sleepy, did I wake you up ?".

"Yes, I was up all night working on a voice recognition system".

"Wow, that sounds complicated".

"Yes it is".

"OK, well why don't you give me a call later on".

"OK..zzzzzzz"

I'd been working on no such thing of course, I'd obviously been dreaming something about voice recognition (yes folks, working too hard will mess with you). A few hours later the bizarre thought entered my head that I'd had a strange conversation about voice recognition. A quick phone call confirmed the fact.

Ever since then, the very mention of voice recognition makes me chuckle. This video however, made me laugh out loud.

Adam Cogan pinged me the other day to let me know about a new site that some of his SSW folks have mashed up.

http://www.spyk.com/

SPYK is a mashup of Domain and Realestate.com.au property listings and Microsoft's Windows Live maps.

I'd seen people doing this in the USA with Google maps, but the data wasn't available here in the past. It's great to see some more cool web toys available with Australian data.

I've held off writing this for a few weeks because it didn't really seem real yet, however the last week of international travel has changed that.

As of the end of August, I'm no longer a senior developer with Massive Interactive. Most of this year I've been working on a huge project which really hit home that I'm burnt out as a developer and in need of a change.

As luck would have it, such an opportunity arose and I went with it.

I've taken a position as a Solutions Architect with thePlatform, working on designing and managing integrations with thePlatform's Media Publishing System for Australian clients.

thePlatform is based in Seattle, so I've just spent a week there meeting everyone, getting some training, and finding out how everything works. It was a fun week, so much to learn in a short time.

When I started this blog, in my About page I wrote that I was very interested in where the music industry was headed with new technologies. Now I'll be very closely involved with some implementations of new technology for digital content delivery, it's exciting to be back on the cutting edge.

Over the last 18 months, with so many concurrent projects, I've not been vigilant enough about keeping my skills current. While I've been getting .NET 1.1 and SQL Server 2000 to jump through all sorts of hoops, I pretty much let the launch of the newer versions of these platforms pass me by. Two years ago I had all sorts of grand visions about being an early adopter of SQL 2005 and knowing lots about it before anyone else did. Unfortunately it just didn't work out that way, the projects I was working on didn't call for it, and with so much on I couldn't commit the time to diving in. While my new job isn't a coding job, I do have to be current with what people are using to develop solutions today so I finally have the mental bandwidth to start exploring the "new" stuff. I'm definitely looking forward to that. In fact, I've already started.

I am going to miss working at Massive. I made some great friends there and worked on some cool and high profile projects. It can be a fun environment to work in, unfortunately if you let it, it can also be draining. I let it.

Of course, I also can no longer call myself a bike commuter. I'll be working out of my house most of the time. But given the weird hours I'll have to keep to be in touch with the US, I am going to have some time in the day to go for a ride :)

A few months ago I gave a presentation on SQL Injection to a group of developers. I talked about and demonstrated the hows and whys and gave some frightening examples of what can be done if your web application isn't secure.

A quick note to my non-technical readers.... SQL Injection is a technique that can be used to hack a website that doesn't do proper validation of user input. Its effects range from an error shown to the user, revealing data that should be hidden, deleting or changing data, all the way to gaining total control of a web server. In short, it's bad.

Anyway, back to the presentation. At the end of the talk I got a range of comments from "well duh" and "I can't believe you had to give that talk" to "oh shit! I had no idea". My feelings on it fall strongly in the "I can't believe I needed to give that talk" category. In this day and age, information about how to secure yourself against these sorts of attacks as well as how to exploit these holes are everywhere. A quick search of the net will tell you everything you need to know, so there really isn't ANY excuse for building web applications that are vulnerable to SQL injections. It's lazy and it's sloppy and if you're doing it, I'll go as far as saying you probably shouldn't get paid.

Unfortunately, there are developers who are still doing it.

Some of these people are just blissfully unaware, this means that they just lack the understanding of the tools they are using, and have not put any thought into what might happen if a user enters some data they aren't expecting. This also means that they are not honing their skills and keeping up to date by reading and researching. This stuff isn't new. An analogy might be a builder filling your walls with asbestos because he hasn't heard that the stuff could kill you. Would you find that acceptable ?

Others think that their tools do or should automatically protect them from their own stupidity. I've actually had a developer say to me "shouldn't Microsoft do that automatically ?". What the ??? That's up there with "It's not my job to test this code".

The other excuse I've heard is "what if it's not a high profile site ? It really doesn't matter". Well that's a great attitude! It doesn't need to be high profile, a lot of peoples personal details and data are stored in smaller sites. Not only that, but a compromised server can be used as a staging point to attack other sites with some anonymity.

The reason I bring this up today is that someone sent me a link to a site in "beta". We're experiencing a second bubble and starting to see lots of hype, and lots of high profile sites. This time around we also have bloggers linking to the latest hot property.

So anyway, I was sent a link to the site, with a note that some well known bloggers are involved in it, and it could be the next big thing. I had a quick look at the site, was pretty underwhelmed by it all, but I thought I'd kick a tyre or two. I dropped an apostrophe in the search box and bang! There I had, in all it's glory, an ASP.NET "yellow screen of death", complete with a full stack trace (debug builds in production) containing the dynamic SQL that had been executed. Fantastic. Had I been a malicious type (and I'm not), I could have caused all sorts of mischief. I'm not talking about using sophisticated "hacking tools" either, I'm talking about typing into a box on the website using nothing more than a browser. As an aside, I'm going to be responsible and let the people involved with the site know privately.

So I ask my fellow developers here, why is it, in the year 2006, that we are STILL seeing these mistakes being made ? Haven't we learned anything in the last 10 years ? Why are SQL Injection exploits still the most common attack vector on the net ?

This isn't Microsoft specific, or even closed source specific either, so don't drag out that tired argument. Every platform, and every language makes it possible to do this, and it happens on every one of them too.

Microsoft's Live team have released a blog editing tool with the unfortunate name of Windows Live Writer. Despite the name, it looks very slick, and if you're reading this post, it works well too!

I've been using W.Bloggar as my blog tool for ages, and while it works OK, it is a bit clunky. This seems much nicer.

You can edit in HTML if you like, but the HTML produced by the tool is very clean and simple. It also has a very nifty feature that loads in your blog's CSS and home page design and allows you to preview what the post will look like in your blog. Very cool!

A minor annoyance is that it doesn't have out of the box configuration support for .Text / CS / SubText. Which is pretty silly considering 95% of Microsoft blogs are running on this platform.

Interesting to note, the blog post announcing the tool is JJ Allaire. Which I'm guessing is the JJ Allaire of Allaire and Cold Fusion fame. Is there anyone left that hasn't been hired by Microsoft ??

[via Dave Winer]

Looks like a few cardigans have been ruffled over at the ACS when they saw the results of the IT Goddesses calender. Heaven forbid the society might be seen as progressive or current!

I spent last night in Melbourne for the official launch of ActNow, a site that Massive built for the Inspire foundation. ActNow is a website for young people to learn more about global and local issues and find things they can do about them.

I've put a lot of time into this site since we started talking about it last year, so it was great to unwind a bit and party with some of the people involved. Although I'm still feeling the effects of the Orange Martinis with Leisa.

The launch event was great too, all the people creating content and using the site are really enthusiastic and excited. It's a nice change working on something that actually effects peoples lives rather than just making money for a company. Inspire have a fantastic group of young people working on creating content for the website and it's going to be really exciting to watch how it all grows.

From a techy perspective, the site is an ASP.NET application, written in C# and has an SQL Server database. There is some cool flash and XML integration and lots of RSS.

Grant beat me to blogging about this too, but he did leave earlier than me :)

Update: Leisa has lots to say here.

I just stumbled across Google's GData API via Nick Bradbury's blog. This looks really interesting. We are already seeing countless services built on top of syndication formats like RSS and ATOM, GData is taking it a step further by adding data saving and querying into their format.

If this format takes hold, and there is no real reason why it shouldn't, then it opens the doors to all sorts of new ways of sharing data around.

They also have provided .NET and Java client libraries, with extensions to talk query Google Calendar. I can think of a couple of fun uses for that already.

Oooh, I just realised, this is my first tech post on this blog. It's bound to be of no interest to the cyclists, but them's the breaks.