I am an old-fashioned guy, you save up for nice things, wrap-up when it’s cold and when you’re told you have enough physical memory available – you should be able to start your VM.
Not so fast there old guy.
VPC seems to want to load your VM on top of all the accumulated stuff on the floor of the cow barn. This is a bit confusing because after closing a VM you were always below where you started in terms of available physical memory – VPC (or something associated with it) had cleared out the no-doubt-otherwise-valuable stuff which had been sitting in RAM.
Unfortunately, VPC doesn’t do this RAM mucking-out before it tries to grab its chunk (in this case 2.4 Gb on a 4 Gb laptop) – it does it afterwards – see the snip of physical memory usage from task manager below, the graph peaks somwehat over 96% after launching VPC and then falls back by about 10% or so.
I know there must be a really good reason for this but all I want is to run my VM when I have enough memory free.
(It’s OK guys, I know there are all sort of benefits for leaving stuff in RAM that’s only temporarily finished with). Read the excellent Mark Russinovich if you want to get under the covers.
Last year, Vista went blue-screen on me. It was early days, non-Vista app and bad disk sectors – OK, suck it up and move on.
Two days into 64-bit Vista freshly installed on a new laptop and would you believe it – a pretty shade of blue greeted me when my laptop woke up. Frustratingly, I wasn’t fast enough to snip the dialogue box before it closed but I’ll always have the memory (dump) of the experience.
Now, as I sit and type this post this little guy appeared out of nowhere.
I am clearly on a new journey of discovery.
I attended a BCS/IET talk by the ever-excellent Steve Lamb. His theme was the three ghosts of Microsoft security (a Christmas Carol – Past/Present/Future get it..). He moved very smoothly through the phases of security in Microsoft and I have summarised a few take-aways from his discussion:
Microsoft’s Bluehat is an ongoing series of meetings.
We need to pay attention to risk not just the technical stuff – you can become too focused on technical detail and not see the wider picture (which may present greater threats).
Checkout the Microsoft Security Development Lifecycle much interesting and useful stuff – it is as relevant for implementation as for software development.
Steve urged us to constantly be aware of the 10 immutable laws of security
Do threat modelling – know where your real risks lie.
Sqlserver vulnerabilities are much reduced before and after Microsoft’s implementation of Security Development Lifecycle
Vulnerabilities up the stack are much bigger than in the operating system – around 60% are estimated to be in web applications. Just think what there might be in 5/10/15 year old code.
Use an Infrastructure Optimisation model (Basic/Standardised/Rationalised/Dynamic) for an approach to security development (and implementation).
STRIDE is a good starting point for threat modelling
Checkout the Microsoft Security Response Centre
CONCENTRATE ON EFFECTIVE SECURITY
As a development house, we produce project estimates as an early part of pricing work and estimating required resources..Duh, yeah.
But over the years we evolved our mechanisms from using spreadsheets to MS Project to Project Server. Using Project Server gives you a great repository but I’ve always found that SOMEdamnTHING conspires to prevent it really giving you the payoff. Forward planning for resource requirements, keeping work done, work remaining and the real, actual schedule impact on the project up to date needs more than a fair bit of PM work – especially when the (even greatly improved) timesheet features in PS2007 still fall short of fully usable.
Now – in walks TFS, a tall leggy redhead of a system and like a redhead, you can’t not look but you know there will be, in all probability, trouble in store later.
TFS makes it easy to work with tasks between itself and MS Project (and Excel) BUT NOT PROJECT SERVER. So you can maintain tasks in either system and sync/publish between them – so far so peachy. What this means is that the
code-wonks heroic, nose-to-the-grindstone developers can take their TFS task, do the work and update their work completed and work remaining while the alpha PM can watch his schedule in Project and panic accordingly.
However, this leaves you with a dilemma, you need to abandon Project Server, you’re working with .MPP files, TFS is the only repository in town and it’s oriented to tasks, risks, bugs and stuff and not to providing (our) enterprise time management – and as we know TIME = MONEY. So…
Next time – If TFS is the circle, what’s the square…