On one side we have Subversion and on the other we have Live Mesh. With the former we have a solid, proven, and somewhat aging version control system. With the latter, we have Microsoft’s brand new (but actually not) Internet-friendly synchronization masterpiece.

With Subversion, you can easily commit changes, view different versions, and generally maintain your source code. Several different clients can all get updates from and commit changes back to the server in the typical client server model:

With Mesh, multiple computers (including an optional virtual desktop call "Live Desktop") are automatically kept in sync. Any number of clients can be added to the user’s Mesh network:

This is great and all, but each technology by itself is limiting. With vanilla Subversion, a user can work on a set of files at each client, but if he wants to continue working elsewhere on the changes that he was previously working on at his desktop, he simply can’t. With pure Mesh, a folder can be synchronized between multiple computers so that sets of working files are always and immediately available. However, in this case there’s no versioning. There’s no source control. The current version is the only version. So how could these two technologies be mashed up? There’s a couple potential ways…

The Gateway Method

Each Subversion client is an entry into the user’s Mesh network. The dual purpose machine acts a gateway between the two logical networks:

The gateway would sync the source from Subversion and that source would be synchronized across all Mesh nodes. The working set would always be available. So everyone’s happy, right? Well, not quite. The only way to commit the working files back into Subversion is through the gateway, since it’s the one computer that is both a Subversion client and a Mesh node. The other Mesh nodes have no direct access to Subversion other than through the gateway. This also means that the downloading of any other files the user might need could only be done on the gateway as well. Doesn’t sound like we got it yet.

The Full Synchronization Method

The other way is to force each and every Subversion client to be a Mesh node:

In this manner, the working set of files would always be available and the user can commit from whichever computer he’s on. An update in Subversion to grab the latest source would then be replicated across all Mesh nodes. Everyone’s happy now, right?

For starters, you have a chicken and egg problem here. If you set up Live Mesh synchronization first, then Mesh will download the files into the synchronized folder. But then when you set up the Subversion client, the first update will fail because the files and folders already exist. You can’t just delete the files, because Mesh will automatically delete them throughout your Mesh network. Not good. However, this is easily fixable by just signing out of Mesh temporarily, updating Subversion, and then signing back in to Mesh.

Making any changes on any of your Mesh computers will automatically be synched to the other computers. This makes updating Subversion obsolete. The updating is constant and automatic. You still have to (or at least you still should) check in your changes so that subversion can version the files correctly and so that others can see your check-ins, but if your source code repository only has a single user (you), you really aren’t forced to commit your changes.

And all this would be true in a perfect world where software works correctly and bug free all the time. Unfortunately, we don’t live in that world. After performing the Mesh and Subversion client installs on two computers, Mesh seems to be an in infinite loop. Mesh is continuously deleting and resynchronizing the files I deleted while offline from Mesh so that I could synchronized them through Subversion.

Switching to "work offline" didn’t stop the loop. The only way I could terminate it was to delete the problem files one by one… all of them. The unresolved conflict loop then stopped, however my files were no more. What to do now? How about updating via subversion a second time? Unfortunately, that leaves us with the same unresolved conflicts loop.

While this all seems like it should work perfectly well, it doesn’t. At the end of my testing, I have two computers using Live Mesh and working as Subversion clients. One of the computers is synchronized with my Live Mesh Desktop, but the other computer is actively  not synchronized. This seems to be a bug with Mesh since Mesh should synchronize all changes no matter how they’re made. Maybe this process would have worked with modified or rearranged steps. I don’t know.

So what have we learned here today? Well, the full synchronization method is too error prone and problematic. The gateway method would probably work fine for most people, although I proved that Mesh still has some synchronization bugs, so it may not be ready for prime time just yet. Either way, if you go about attempting to set this up, tread carefully, do your Subversion updates with care, and watch for Live Mesh synchronization issues. And don’t cry when your files mysteriously vanish. You’ve been warned…

How many browsers do you test with? I’ve got five… and all on the same computer at the same time. Of course, we have Firefox, Opera, and Safari. Those are usually the easy ones to get right. But wait there’s two more.

You can install the beta of IE8 right now, but doing that takes IE7 off your system, right? Not unless you have IE Tab installed. IE Tab is a Firefox add-on that loads the IE ActiveX control inside of a Firefox tab. But not from IE8 that you just installed, it loads the IE7 control. Sure you can emulate IE7 inside of IE8, but you need to restart the browser to enable and disable emulation. With the IE Tab trick, you can develop web apps and have all five browsers up at the same time.

Of course, I’m not saying that you shouldn’t test on the same browsers in other platforms. This is just a great place to start.

Have you heard about Digsby? I was turned onto this by Scott Bauer and am a daily user of it now. Digsby is basically an email and social network aggregator:

It periodically checks your accounts for new messages, so that you don’t have to have all your different email accounts open (especially if you have more than one account at the same provider like Gmail which means you can’t have multiple tabs open and be logged into each account at the same time… but I digress). Via a flyout menu, you can quickly see an overview of all your unread messages and open, reply, or delete them right there. But that’s not the most intriguing aspect of Digsby. Where I see the most promise is the chat feature. You can put a widget on your blog which people that visit your site can interact with:

It tells the user if I’m online and if so allows them to start typing away. I’ll get a popup IM window via the Digsby client on my desktop and the chat has commenced. Google has a similar feature with their Google Talk embedded widget, but it’s much clunkier. Here’s Aaron Lerch’s impromptu description of it:

I got an IM via google talk with a big-@$$ web link, which I click and it takes me to a page that has a "launch talk" button, which pops a window that is the web version of google talk and includes a "Guest chat" tab.

Yeah… Thanks, but no thanks. I’ll stick with Digsby. Also, if you were paying attention you would have seen the "Digsby Widget 5/7" in the first screenshot. That tells me how many people are currently on my blog and whether they’re active or not. Sure, you can see that sorta stuff with Google Analytics or Feedburner:

However, unlike Google and Feedburner Digsby’s stats are in real time. Those are people that are on my site at this very second. I can even initiate the chat with them if I wanted to. Pretty sweet. Sure, that may not scale well in the future, but I’m a long ways from that being a problem…

Digsby is pretty full featured and supports Gmail, Yahoo, Hotmail, AOL, IMAP, POP, Facebook, MySpace, and Twitter… although for Twitter you’re really better off with Bitter

So if you break out of your feed reader and ever visit my blog, give the widget a try. I’m a nice guy. We can chat. Here I’ll give you a topic. Duran Duran is neither a Duran nor a Duran. Discuss…

I admit it, I have a big one. Sometimes being big is great. All that size is helpful. But sometimes you get made fun of for being big. Like at work, the past two days now. I pulled it out at a meeting and Scott made a comment both times: “Geez, Mike… that’s a big laptop.”

You see I’m of the opinion that you need to either go big or go small. No in between. That’s why I bought the HP Pavilion dv9428nr laptop. I wanted a machine that was still portable, but could act as a desktop replacement. And with a 17″ widescreen, dual core 2.20 GHz, 2GB RAM, I would say that it does the job well. On the other hand when I just need portability and small size, I go to my (now relatively outdated) HP iPAQ 2215 Pocket PC or to my LG Cherry Chocolate. On either one, I can check email wirelessly, surf the Internet, read RSS feeds, read books… They do the job and easily fit in my pockets. You see, I get these devices. They make sense to me.

Then there are the “in between machines”. These are the computers that don’t have a clear identity or place to fit in. For example, take the Asus Eee PC 4G. It’s small, but not too small. It runs Linux or Windows XP. It has a 800×480 monitor. It has USB slots, an SD slot, 802.11g, ethernet, and an external monitor port. It costs between $200 and 400.

It isn’t bad, but it isn’t great. It isn’t too terribly slow, but it definitely isn’t fast. So where does this fit in? What role does it fill? It may fit in my coat pocket during the winter, but it won’t fit in my jeans or shorts in the summer. It could work as a “couch term”, but if I wanted to do some serious programming or watch some quality video… eh, not so much. If that was the case, I’d just go get my laptop. If I wanted to check email in my car or in line at the post office, I’d use my phone or my pocket pc. The Eee PC would be too big. If I wanted to check my email or do some work while on travel or at a conference, I’d pull out my laptop. I wouldn’t need the small size of the Eee PC.

So where do these “in between machines” fit in? I can see buying the Eee PC if I simply can’t afford a powerful laptop. I’m sure there’s a market for that, but how big of a market? However, not all these computers are targeted at those markets. The Samsung Q1 is a small handheld tablet computer meant for video, email, Internet, etc. This is a case where they’re trying to put the desktop in your pocket, but with specs like a 900MHz proc and 512MB RAM, you just aren’t getting that.

This suffers from a lot of the same drawbacks as the Eee PC. Too big for real portability yet too weak for real use. However, this one isn’t quite so cheap. With a price tag of around $1000, you really have to want one to buy one. So I ask again, where do these “in between machines” fit in? Or maybe the better question is…

How big are you?

I’ve recently started getting into web development. Some javascript here… some ASP.NET there… It’s all pretty interesting and definitely different from desktop development. One thing that I’ve found helpful is all the great (and free) tools out there. Here are some of my favorites so far:

• Reflector - Of course there’s Reflector. Everyone knows about Reflector. Not necessarily web-centric, but definitely web-useful.
• Aptana - This is a great Javascript, CSS, HTML tool that has intellisense and keyword coloring built-in. It also supports Ruby on Rails and PHP as well as Javascript debugging in the browser.
• Firebug - Speaking of Javascript debugging, there is Firebug. This is a Firefox extension that lets you set breakpoints in Javascript, shows you errors in Javascript line by line, and also lets you view and modify the HTML, CSS, Javascript, and DOM of any page in realtime and view the results. Really slick.
• Web Developer - This is Firefox toolbar that allows you to mess with cookies, Javascript, CSS, images, and just about everything else. It can overlay layout information right on the page and I’m sure lots of the other things that I haven’t even found yet.
• IE Tab - Here is another Firefox extension, but this allows you to see your page rendered by IE from within Firefox with only one click.
• Builtwith.com - You put a URL into this site and it gives a report of all the technologies used to build the site. Satisfies your curiosity when you’re foaming at the mouth to know how they built that uber cool site you found today.
• Fiddler - This is an HTTP debugging tool. It acts a proxy and logs all your HTTP traffic and lets you set breakpoints, modify data, and all that. It automatically works with IE, but have to configure Firefox if you want to use it as a proxy.
• ViewState Decoder - A nifty little tool that allows you to put in the encrypted ViewState text blurb and it will show you the cleartext all formatted pretty.
• NoScript - Who can forget about NoScript? I’ve blogged about NoScript from a security prospective, but it can also be used to disable Javascript for your current page or selectively disable Javascript based on domain.

I’m sure there are many, many more. Like I said, I’m still fairly new at this. So what are your favorite tools for web development?

No, not *this* site, but sites that show up in Google’s search results just might:

See the little warning underneath the title up there? Well apparently this message shows up under search results that Google has “identified as sites that may install malicious software on your computer”. You can even try to click the link, but Google will warn you once more just to be sure:

If you’ve protected yourself like I’ve talked about before, then you’ll probably be ok, but most people don’t. (Disclaimer: Don’t hold me responsible if you get h4ck3d anyway. You’ll be the one that has to fix it!)

I just have to wonder how Google is deeming these websites as “virus-y”. Does it have a farm of machines armed with various browsers visiting all sorts of different sites and then seeing if they come out without a scratch? Or does Google go test the site right after it gets added to their database? But then what if a site was originally clean, it gets added to Google’s database, but then a week or so later it either gets infected or even intentionally starts installing malware to unsuspecting visitors? Then you have Google results that indicate that the site is safe to visit even though it really isn’t. And that’s probably worse: having a false sense of security. Then what if Google in their infinite wisdom says that my site “may harm your computer”. What am I to do? Would I be stuck with this stigma forever?

However, it’s still probably a good idea for Google to provide this type of service. Most people still can’t tell a malicious website from a hole in the ground and wouldn’t be able to tell if anything had been installed even if their system is totally infested with trojans, worms and the like. What’s worse is that some people seemingly don’t care or even want to get infected. And with malware variants on the rise, don’t expect things to get any better…

Ever see something in a Google search that you wish wasn’t there? Have you moved your blog from blog host to blog host and now have a mess of 404 links scattered across the web? Well, then the Google webpage removal request tool is for you!</cheezyintro>

I first started my blog on Blogger then moved to Wordpress then probably about a week later started hosting my blog myself. Consequently I have a ton of bad search results out there. Well, I came across Google’s tool and it’s turned out to be a handy little tool for instances like this. The main page shows you all of your requests or only the pending requests:

If you want to make a request, simply click on the handy button and then you’ll be presented with three options:

• Information or image that appears in the Google search results.
• Outdated or “dead” link in the Google search results that returns a 404 not found error.
• Inappropriate webpage or image that appears in our SafeSearch filtered results.

Choosing the first option is generally used for content that you don’t control or for content that has changed. The second option is for content that is no longer available (and is the only one I’ve used so far). The third option is when dirty stuff beats Google’s SafeSearch filter.

I requested five removals about a week ago and they were all removed and within a few days. So if you have antiquated search results that need scrubbing, give the Google webpage removal request tool a try!

Scott Hanselman recently blogged about backups. Jeff Atwood recently blogged about security. Often times those things go hand-in-hand. So here’s how I do things:

• I use TrueCrypt to encrypt my flash drive as well as other important data. TrueCrypt is easy to use, secure and free. There’s no reason not to use it.
• I don’t run as administrator… most of the time. After installing TrueCrypt, I can use my TrueCrypt Traveller disk as a non-privileged user and it works fine. The only machine that I still run as an admin is my Snapstream Beyond TV box, but I rarely get on the console to do anything anyway. All the rest of my machines are running with non-privileged accounts.
• I use the No Script FireFox plugin. This is a whitelist/blacklist style plugin so any sites I haven’t explicitly allowed don’t get to run their scripts. And we all know how bad scripting is now.
• My household stores all our data in one NAS device. We don’t have some data here and some data there. It’s all on the NAS. This is really convenient when reformatting any of the PCs since I don’t need to save off any data first. Also, when backing up I just need to backup this one device and I’m done.
• I store my backups off-site. I have an external USB hard drive that I bring home once every couple months. I put the data into a handful of TrueCrypt volume files, copy it to the drive, then bring it back to work.
• I don’t use Anti-virus. It’s slow, it barely works and when it does work, it’s only for known viruses. But when I do need to scan something I just upload it into a new mail in Yahoo as an attachment and Yahoo scans it for me. Bam, virus scanner on demand.
• I don’t use virtual machines. Not because I don’t want to, but because you need to buy an additional license for your OS to use it in a VM. This may not be an issue for you open source guys, but it is for us who use Windows… and it ain’t cheap.

So there’s my grand strategy. What yours?

TrueCrypt is an open-source encryption program that lets you encrypt collections of files into a TrueCrypt volume or let’s you encrypt your whole USB flash drive. You can even set it up to leave no traces or hint of TrueCrypt for some nice plausible deniability.

I currently use it to split my 4GB flash drive into a 2GB TrueCrypt volume to store my financial data, code and other stuff I don’t want other people’s mitts on and then I leave the other 2GB unencrypted for things such as videos and other files that I don’t want to have to force through TrueCrypts on the fly decrypter.

When I plugin my flash drive, TrueCrypt auto starts:

…and then asks for my password:

Then it’ll mount your TrueCrypt volume as another drive on your computer:

After that, you can use it the exact same way you would any other drive. Everything you do on this newly mounted drive (note: T is the encrypted virtual drive and H is the USB flash drive in this case) is actually run through TrueCrypt and encrypted/decrypted on-the-fly before being read from/written back to your TrueCrypt (*.tc) file.

This allows you to do some other cool things such as:

• Put all your data into a TrueCrypt volume before backing up and storing off-site. Maybe even with some batch file goodness.
• Safely use a service like Mozy so that your data won’t be super exposed when travelling over the world wide web.
• Deny any involvement when the KGB has you and your flash drive and is about to start pulling teeth.

And coincidentally I’ve done all of those…

We know why RFID is a bad idea for passports. It looked like all hope was lost, but then there was a beacon of hope… and then another. It seems like Basic Access Control (BAC) should help protect from eavesdropping and some metal shielding will protect from skimming. Too bad they’re easily cracked… so easily cracked. So what choices do we have? Well apparently you can always hit it with a big hammer.