I was intending on attending the Managing Scalable .Net Solutions. Somehow, through the process of looking at the schedule on Blair's (a nice Canadian gentleman also attending PDC by himself) PDA, I ended up in some kind of presentation where I learned of the existence of MSDNAA, which is an MSDN subscription available for educational institutions. Sounds good, but that was all I learned. Coincidentally, that was how long it took me to look up the correct BOF location.
I heard a lot of talk around instrumentation and performance counters. Do you mean we should instrument our applications so we can do things like baseline for performance checks as we move forward, and tell a story some day when the application just doesn't want to run or one of the servers in the farm seems to be behaving badly? I love this stuff.
Then there was talk about security in the enterprise. One thing that jumped out at me was the comment that 70% of the hacks come from within. The external attacks on average cost about $50,000, but in contrast internal attacks cost on average 2.7 million. I will have to google this and find out where these facts exist. I have always said that the internal attacks cost more. I would like to make it a little more personal and suggest that ignorance makes up most of those so-called attacks. I have seen some pretty heinous accidents that could and can be avoided with some behavioral modification techniques. If you are a least privileged kind of developer you know what I mean. " ", said in so many words, that web services are the least of our worries. Ya, at least when we talk about web services, security is always the major subject when it comes to convincing the IT guys. So why don't they ever say anything intelligent about SQL injection attacks on the legends of vulnerable code that already exists? I guess if you have a firewall and forms auth everything is cool :) We know better than that.
So the really cool thing about today is that Ted Neward of DevelopMentor was sitting in the audience. He had some comments about the fact that we (IT community [I like to call it we instead of they, as it should be]) are very good at Protection, but we are not good at Detection and Prevention. Detection and Prevention is about the guys on the wall with the spears and the hot oil (it is a quote from a book that escapes me at the moment). I am not real familiar with Detection, but Prevention is something we as developers can implement right in our own island. First, stop acting like an island. Ok, I am not going to rant on this.
Ted retold a story that I originally saw through Craig Andera's web blog. It was quite entertaining while also being a very important example of our lazy behavior, the get-it-done-without-really-thinking kind of mentality. Hey, we have a firewall, and we spent $83,000. Doh!
BTW, the BOF was hosted by Michele Leroux Bustamante and Patrick Hynds; I believe they are both Microsoft regional directors.