Trust nothing free

by BillSempf 17. September 2009 13:43

I was an early adopter of Live ID.  I was a Passport user before you could use your own email address; my first passport was  After it went to Live ID I set up an ID at  I mostly use the hotmail address for personal stuff like xbox, and the pointweb account for professional stuff, like my partnership account.

After the 2006 Author's Summit I learned about the early beta of Office Live, and joined.  I created a new ID - - specifially for the project, but I included in the Office Live account so I could integrate my email.

Long story short, Office Live isn't very good.  It is basically the Google Apps, but it costs $20 a month and breaks a lot.  So, I went to Google in the summer of last year.  I moved my email, and cancelled my Office Live account.  All was happy.

Two weeks ago, I figured out that Office Live has been billing me for a year for the service I cancelled.  I logged into and cancelled the service.  Then I got ready to write an email ripping Office Live a new one.  I went back to to get my history ... and couldn't.  My Live ID account was deleted when I cancelled the service.  "Well, that's OK," I thought, "I set up that account just for that reason."

But, they deleted my account too.

I couldn't believe it.  Looked EVERYWHERE for a phone number - not phone support for Live ID.  Put in email tickets.  After 32 responses, I gave up.  All they did was say "check your password ... account is disabled ... check with Office Live."  Office Live, after 40 responses, told me to leave them alone.  Not their problem.

So basically, Microsoft screwed me.  My Mesh account, my Asure account, my Connect account, Messenger, MSDN, my Partner account, my Live Space, everything is gone.  Can't get it back. 

Notice something.  All of those services are free.  Microsoft doesn't care.  How could they?  I'm not paying them!  They are within their rights to delete any of those accounts anytime they want.

It was my fault for trusting them with my information.

We all do this alot.  Why pay for software if you can get it for free, right?  Free is cheaper, right?  Well, no, not when the REAL owner of the software has an attitude like this.

So, I need to not depend on free services.  I am getting out of Google too, because if they cancelled things right now, I would be toast.  Going back to SmarterMail for my email, or something like it.  Something I control; somethign I paid for.  I moved my blog back to a server I can touch too (thought I am using free software, but at least it is my build).

Remember this when you recommend something free to a client.  They will get what they paid for.

EDIT: Here is some Google fodder: Windows Live ID Error 80048826 means "Your Live ID is gone because the Live ID Database is hopelessly corrupt due to poor architecture and worse implementation.  We wish we'd used OpenID too."


Biz | Personal | Rants

Listening for pin drops is a misnomer

by BillSempf 11. September 2009 05:50

When teaching beginners how to pick, I find that quickly they learn that they can hold the lock up to their ear and listen for pins dropping as they release tension on the wrench.  If you have lifted pins up at all, the springs will snap them back into position with a little ‘click’.  If you know how many pins is in the lock (which you should) they you can ‘see how close you were.’

This doesn’t work.

There are two common errors in beginning lockpicking.  The first is too much tension.  This is a problem because if you rotate the cylinder within the lock too much, every pin will feel like it is binding.  You will hold both pins against the shear no matter what, and you’ll get a very bad level of feedback of actually lifting over the shear line.

The second mistake is overlifting.  Few people know how little pressure is required to actually life the key pin, and it is common the just ram the whole pin stack all the way to the roof witho0ut stopping at the shear line – a problem complicated by providing too much tension.

Overlifted Pin

Those two problems combine for a false sense of what is happening inside the lock.  If you lift all of the key pins into the shear line – very easy on cheap locks – and then release tension, you’ll be able to hear all of the pins drop.  This causes the ‘oh, but I had it, ‘cause I could hear them drop’ problem.  The problem is that you didn’t have it, there is nothing wrong with the lock, you just overlifted.  It’s a common problem.

The best thing you can do is not listen at all in my opinion.  It’s like sniffing the cork when tasting wine – it’s not going to tell you anything.  The sommelier offers you the cork to you can make sure it isn’t dry or crumbling – NOW so you can sniff it.  Experienced pickers listen at a lock to see if they have something in particular, not just to see if they have any pins lifted.  I sometimes listen early on, to see if my feedback is lying to me.  I try and set one pin, and then see if it snaps back.  I don’t know if it is overlifted, or just jammed into position with too much tension.  But I do know if I made one pin stick.

So, don’t listen at the lock, at least when starting out.  Trust your fingers, and start with easy locks.


Personal | Locksport

C# 4.0 at CONDG

by BillSempf 8. September 2009 09:21

I was very pleased to be able to give my C# 4.0 talk at the Central Ohio .NET Developers Group last month.  Carey Payette accepted my offer to give the talk – based on the last section of my upcoming C# All In One book from Wiley – and I did my best to polish the talk to get it to the level expected by the fine people of CONDG.  Hope I met everyone’s expectations!  The reviews were very nice.

I utterly failed to get any pictures, although @leshka posted this one to TwitPic.  I did get some video, which I’ll put on my SpeakerSite after I get it rendered

+1 Retweet @pmontgomery at #condg to hear @sempf  talk about ... on Twitpic

It was a great turnout – 103 people I think.  Wonderful questions too, and some great feedback from many attendees.  Bill Melvin posted a review on his blog, which I appreciate.  Twitter was rockin with comments from attendees, too.  I agree – the fact that the wholesale changes to the language are more or less just for COM compatibility is somewhat disappointing, but the dynamic language features still excite me.  Also, Tim, I agree that just because the dynamic keyword exists means we should use it.

I ran without slides, but I did use a big Visual Studio solution.  That compressed folder of samples is here, warts and all.  Feel free to dig in and see what a warped brain is really like.  The snippets don’t travel well, but the sample code is all in the Examples file.

Anyway, great time, everyone, hope to do it again after I finish the research for the Oslo book.


Biz | C#

Blogging Devlink

by BillSempf 8. September 2009 08:25

I was pleased to be introduced to DevLink by Brian Prince this year.  It is a great conference, catering to the more southern members of the Midwest development development family, similar in structure and content to CodeMash in January.  Held at a college campus, it has a loose, collegial feel (unsurprisingly) and has some great content.  The proof is in the pudding – a lot of people made the trek from Ohio and Indiana to Nashville for the three day con.

I went a day early to take part in a community leadership mini-con that the Midwest evangelism group for Microsoft put on.  Thrown in a unconference format, this was a gathering of sixty or so movers and shakers in the Microsoft developer’s community, along with a few of us hangers-on.  Steve Webb and I went to try and soak up as much of the community goodness as possible, and some great southern barbeque as well.  We got what we were looking for.

Open Source Community

Due in part to the MVC4WPF project, I have a recent interest in the community surrounding open-source.  I held a session on the Open Source Community and had a great discussion with a few experienced souls.  We determined that in order to have a successful open source project and surrounding community, you need four things:

  • A strong leader, who can focus the energy of the group, and set direction.  Scattered development makes everyone feel bad about the project, and the only reason people participate at all is to feel good.
  • An easy patching process.  If people don’t feel like they can participate, they won’t participate.
  • An existing user base of sorts.  If there is already a group of people working on the project, they produce the core of the open source community.
  • Tool Availability.  If you need VSTS 2008 to do the work, then fewer people will be interested.  You need to be able to do work on the product on your home machine.


The biggest key to growing a community is popularity.  Popular projects – at least in the Microsoft world – have four common characteristics:

  • Need.  There has to be a need for the end result of the project.
  • Caretaking.  Long after the shiny newness of the project has worn off, someone has to care for it.
  • Ease.  Use, development, documentation, everything. 
  • The source should be included in the product install.


Sponsorship ROI

Another cool discussion was on the topic of sponsorship.  As one would expect, it is harder and harder to get companied to pay for the trip to a conference – even an inexpensive one like DevLink – along with the time off, the travel, et cetera.  The group came up with seven ways to sell your company on the idea that going to a con was a good idea.

  • You will be cool by association.  Especially if you are giving a talk, you get to say “Hey this consultant of ours went and presented a paper along with the Famous Tim Wingfield!” or whomever.
  • Being elite is more marketable.  Following along with the last tip,. it is true that elite-ness is quite marketable.
  • Providing training / brain dump.  When you get back from a con, offer to run a session or do a screen cast to train others.
  • Put some skin in the game by offering to pay for part or take vacation time.
  • It is true that events build experience, and experience improves marketability.  IF you go and get exposed to Azure, you can look a client in the eye and say “I have some experience with Azure.  What do you want to know?”
  • Networking!  Local people travel.  You can sell and recruit.
  • Point out that the sponsoring company will get to retain top talent.  People stay where they feel they are valued, and a cheap way to show value is sending people to events.


On the issue of companies paying the small sponsorship fee to become an actual sponsor of the event (apart from sending people) we discussed the idea of selling access to an opt-in email list.  This could be for sales purposes if you are a tool vendor, or recruiting if you are a consulting company.

At the con

Hey, wait, there was a con too!  After all of that that brain pumping at the community summit, I got to go hear the hippest cats in the Midwest talk about some cool technology.  Learned a lot, too.

Thursday was set up as two half-day sessions, which I was only sort-of impressed with.  Don’t get me wrong the content I attended was really very good, but three hour sessions are really very hard to do.  I’m not sure I would recommend it to the organizers for next year.

I started my day listening to Jim Wooley (aka @linqkinq) chat about database driven web.  He had a good strong overview of the various new ways to quickly set up ASP.NET data access, along with experienced view into the enterprise ready techniques.  We got a first look at RIA Services, along with the tasty morsels of LINQ and Entity Frameworks in action. 

The afternoon session was on cloud deployment, from the very experienced Ben Henderson.  We did a few end to end deployments of cloud applications on both Azure and S3, and I learned about the S3 Organizer for Firefox, which I recommend to anyone working in the cloud space.

The next two days of the con were the usual hour-long segments of technological goodness.  There were regularly seven tracks going on so no one had a problem finding something that they were interested in.  Additionally, there were the open spaces, which follows a free-flowing hippyism format with an open grid and user generated content.  I ran a session on the Managed Code Rootkits that I learned about at Defcon, and had a great conversation with Steve Wallace and others.  (We decided that more research was necessary as to the risk, because if you have admin access, there are worse things you can do than munge up the .NET Framework.)


On top of it all, I had a great time in Nashville, without really ‘doing’ the city at all.  I didn’t go to a ball game, I didn’t hear any big name acts, I didn’t see any celebrities, but I had a great time.  The community summit was at Jack’s Bar-B-Que, which is a Nashville standout.  The hotel was two blocks from Broadway, where all of the fun is.  There was lots of good music to be had on every street corner – who needs to go to a show?  The restaurants that we visited had no fewer than fifty beers on tap each, so how can you you argue with that, I ask.  All in all a good time.

So thanks to Brian for inviting me, Steve for putting up with me, the organizers for bring good at what they do, and the presenters, attendees and volunteers for making DevLink an all around great con.  Can’t wait for next year.


Biz | C# | Cloud

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.

Find me on Mastodon

profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites