Archive for the ‘Uncategorized’ Category

Installing Certificates using Wix (Windows Installer Xml / Votive)

Wednesday, February 11th, 2009

I’ve been working with WiX ( wix.sourceforge.net ) for generating application installers over the past few weeks.

The project is rapidly evolving (if I recall, it was one of Microsoft’s first forays into open source development), but as a side effect, finding up-to-date documentation can be a little taxing. The documentation is good and quite comprehensive, but often subtly incorrect or outdated.

Anyway, we have a few services at work that require certificates to be installed into the Windows certificate store at install time. Previously we had a couple of custom actions designed to configure the user and store, but after a little investigation it appears that this functionality comes for free in the WiX toolkit.

It’s confusingly in the IIS extensions, which is a bit of a misnomer: it’s only in there because it was originally designed to install certificates for web servers, but it works perfectly for any certificate.

So how do you do it? In WiX 3, first ensure you have a reference to WixIIsExtension.dll (in the default install, it’s in c:\Program Files\Windows Installer XML v3\bin) in your project if you’re using Votive, or link it manually if you’re building on the command line. The following example is a fragment that installs two certificates: one as a root certificate authority and another as a personal certificate, both in the local machine store.

<?xml version="1.0" encoding="utf-8"?>
<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
     xmlns:iis="http://schemas.microsoft.com/wix/IIsExtension">

  <Fragment>
    <Directory Id="Directory_Certificates" Name="Certificates">
      <Component Id="MyRootCert.cer" Guid="*">
        <!-- Copies the .cer file into the Certificates directory -->
        <File Id="MyRootCert.cer" Name="MyRootCert.cer" Source="..\..\Path\To\MyRootCert.cer" />

        <!-- Adds the embedded certificate to the local machine root store -->
        <iis:Certificate Id="Certificate.RootCA"
                         Name="MyRootCert.cer"
                         Request="no"
                         StoreLocation="localMachine"
                         StoreName="root"
                         Overwrite="yes"
                         BinaryKey="Certificate.RootCA.Binary"
        />

      </Component>
      <Component Id="RandomCert.p12" Guid="*">
        <!-- Copies the .p12 file into the Certificates directory -->
        <File Id="RandomCert.p12" Name="RandomCert.p12" Source="..\..\Path\To\RandomCert.p12" />

        <!-- Adds the embedded PKCS#12 certificate to the local machine personal store -->
        <iis:Certificate Id="Certificate.MnpTestCertificate"
                         Name="RandomCert.p12"
                         Request="no"
                         StoreLocation="localMachine"
                         StoreName="personal"
                         Overwrite="yes"
                         BinaryKey="Certificate.RandomCert.Binary"
                         PFXPassword="myCertPassword_Optional"
        />

      </Component>
    </Directory>

    <!-- Certificate files embedded in the package and referenced by BinaryKey above -->
    <Binary Id="Certificate.RootCA.Binary" SourceFile="..\..\Path\To\MyRootCert.cer" />
    <Binary Id="Certificate.RandomCert.Binary" SourceFile="..\..\Path\To\RandomCert.p12" />

  </Fragment>

  <Fragment>
    <ComponentGroup Id="Component.InstalledCertificates">
      <ComponentRef Id="MyRootCert.cer" />
      <ComponentRef Id="RandomCert.p12" />
    </ComponentGroup>
  </Fragment>

</Wix>
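
An added example, not part of the original post or of the WiX toolset: a small Python reviewer that parses a WiX source shaped like the fragment above and reports three things worth checking before the installer ships: a certificate added to a machine-wide trust store, a PFX password written as a literal, and a .p12/.pfx that is also copied to disk through a File element. The finding names and the SAMPLE_WXS copy are constructed for this example, and treating a bracketed value such as [PFX_PASSWORD] as a property reference rather than a literal is an assumption of the example.

```python
import re
import xml.etree.ElementTree as ET

WIX_NS = "http://schemas.microsoft.com/wix/2006/wi"
IIS_NS = "http://schemas.microsoft.com/wix/IIsExtension"
NS = {"wix": WIX_NS, "iis": IIS_NS}

# Assumption of this example: a value like [PFX_PASSWORD] is a property
# reference supplied at install time, not a literal secret.
PROPERTY_REF = re.compile(r"\[[A-Za-z_][A-Za-z0-9_.]*\]")
TRUST_STORES = {"root", "ca"}          # stores that act as trust anchors
KEY_CONTAINERS = (".pfx", ".p12")      # file types that can carry a private key

# Constructed sample mirroring the post's fragment (paths are the post's placeholders).
SAMPLE_WXS = r"""<Wix xmlns="http://schemas.microsoft.com/wix/2006/wi"
     xmlns:iis="http://schemas.microsoft.com/wix/IIsExtension">
  <Fragment>
    <Directory Id="Directory_Certificates" Name="Certificates">
      <Component Id="MyRootCert.cer" Guid="*">
        <File Id="MyRootCert.cer" Name="MyRootCert.cer" Source="..\..\Path\To\MyRootCert.cer" />
        <iis:Certificate Id="Certificate.RootCA" Name="MyRootCert.cer" Request="no"
                         StoreLocation="localMachine" StoreName="root" Overwrite="yes"
                         BinaryKey="Certificate.RootCA.Binary" />
      </Component>
      <Component Id="RandomCert.p12" Guid="*">
        <File Id="RandomCert.p12" Name="RandomCert.p12" Source="..\..\Path\To\RandomCert.p12" />
        <iis:Certificate Id="Certificate.MnpTestCertificate" Name="RandomCert.p12" Request="no"
                         StoreLocation="localMachine" StoreName="personal" Overwrite="yes"
                         BinaryKey="Certificate.RandomCert.Binary"
                         PFXPassword="myCertPassword_Optional" />
      </Component>
    </Directory>
    <Binary Id="Certificate.RootCA.Binary" SourceFile="..\..\Path\To\MyRootCert.cer" />
    <Binary Id="Certificate.RandomCert.Binary" SourceFile="..\..\Path\To\RandomCert.p12" />
  </Fragment>
</Wix>"""


def audit_wxs(text):
    """Return (certificate Id, finding) tuples for a WiX source string."""
    root = ET.fromstring(text)
    # Map each Binary Id to the file it embeds so BinaryKey can be resolved.
    binaries = {b.get("Id"): b.get("SourceFile")
                for b in root.iter(f"{{{WIX_NS}}}Binary")}
    findings = []
    for comp in root.iter(f"{{{WIX_NS}}}Component"):
        file_sources = {f.get("Source") for f in comp.findall("wix:File", NS)}
        for cert in comp.findall("iis:Certificate", NS):
            cert_id = cert.get("Id")
            # 1. A new trust anchor for every user and service on the machine.
            if (cert.get("StoreLocation") == "localMachine"
                    and cert.get("StoreName") in TRUST_STORES):
                findings.append((cert_id, "machine-wide-trust-anchor"))
            # 2. A literal password travels inside the package with the PFX it protects.
            password = cert.get("PFXPassword")
            if password and not PROPERTY_REF.fullmatch(password):
                findings.append((cert_id, "literal-pfx-password"))
            # 3. The key container embedded via BinaryKey is also copied to disk by <File>.
            source = binaries.get(cert.get("BinaryKey"))
            if (source and source.lower().endswith(KEY_CONTAINERS)
                    and source in file_sources):
                findings.append((cert_id, "private-key-file-installed"))
    return findings


if __name__ == "__main__":
    for cert_id, finding in audit_wxs(SAMPLE_WXS):
        print(f"{cert_id}: {finding}")
```

Moving the password into a property only takes the secret out of the package; how that value is supplied at install time, and whether it ends up in the installer log, still needs its own check.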

SEO Lies & Real Solutions (Or Why SEO Experts Are All Hacks) – A Case Study

Thursday, January 15th, 2009

People just love to go on about search engine optimisation these days.  They LOVE it.  SEO experts are put on pedestals as the salesmen that just keep selling, even when they’re not at work.  If they’re not going to do it, their competitors will, after all.

Except SEO is a mug’s game, the “experts” are full of shit and it’s pretty much all lies. I’ll give you this one for free. By the end of this post I’ll have walked you through how to search engine optimise your web presence and with any luck, you’ll see the benefits. Before I do that, I’m going to give you a little background information.

The people that “manage” the SEO in your company (if the job listings for “SEO Managers” are to be believed) are sharp, sales-focused individuals with a good grasp of technology. As such, these individuals are relatively well paid, for a general sales job anyway.

I did a very quick sweep of some job sites and came across the following job listings.  These represent a fair sample and are pretty much the average (source http://www.totaljobs.com/JobSeeking/SEO.html).

SEO Manager £35000 – £45000 per annum + Bonus + Benefits
SEO Manager £35000 – £41000 + benefits
SEO Marketing Executive £30000 (SEM / PPC / Adwords / Analytics)
SEO Web Leader £30000 – £45000 per annum + Benefits  (Featured job)

Other Supporting Figures (http://www.itjobswatch.co.uk/jobs/uk/seo.do)
UK excluding London average salary    £30,267
% change on same period last year          +5.27 %

There are multiple pages of results that look the same as that cross section.  The average amount an “SEO Manager” pulls in as a base salary appears to be around £35000.  That’s not mathematically accurate, but it’s a reasonable estimate.

So what does an “SEO Manager” really do? Well, interestingly, one of the job listings above really gives the game away: “SEM / PPC / Adwords / Analytics”. To decompose the acronyms: “search engine management”, “pay per click”, Google Adwords and Google Analytics.

Let’s dissect each of those job roles one by one and work out what your SEO Manager is doing for you.

Search Engine Management
This is actually a reasonably interesting category because it doesn’t mean very much. The real wins in “SEM” will be done by your programmers or your middleware CRM systems.  I’ll explain some of the valid techniques for “SEM” below, however, it’s important to note that “search engine management” doesn’t really mean anything at all and should be something to happen naturally as your website grows.

Pay Per Click Submissions
Daily, this role tends to involve the exporting of a product list from a database, and importing it to a number of PPC sites, such as Kelkoo and PriceRunner.  Often a very simple task to automate, despite PPC sites having a tendency to ask for data in weird and wonderful formats.  This bit of the job description probably covers nagging the PPC partners when they invariably don’t list your products in time.

Google AdWords
Daily, logging into your Google account, monitoring the Estimated Cost / Day on some keywords (and when I say monitoring, I mean “stopping bidding when they look too expensive”) and using the very friendly Traffic Estimator Sandbox to pick new links to bid on.  Not a hard task for a seasoned marketer of any kind.

Google Analytics / Analytics Software Of Your Choice
Adding a 2-3 line piece of JavaScript into your website and then logging in to your analytics package, to monitor the progress of your site, broken down into graphs and exportable data.

You could almost be fooled into believing that anyone could be an “SEO Manager” with roughly a day’s worth of reading the Google help documents and learning how to use a few very simple tools. Oh, you were thinking that too? This is a job your marketing department should be doing. Don’t have a marketing department? It’s not hard, it’s your job, and I can help you with some very simple tips.

You see, the good thing about Google is that they’re on your side. Google thrive for two reasons.

  1. Search is their thing – Google is the internet’s home page, they drive almost 90% of the world’s traffic. You don’t need to play them, they want to know who you are.
  2. Google survive by selling adverts.

Google want to list you as much as you want to appear at the top of page 1 (and, seeing as nobody reads past the first two pages of search results, better keep off page 3+).

So let’s make it easy for Google to find you.

In the dark ages of the internet (or for the sake of argument, the early 2000s) people were always trying to sell tips related to manipulating your Google “page rank”, the magical algorithm that Google uses to determine who appears at the top of the search page. There were even some tips that worked. That was 2002. Before we go any further I want to make one thing explicitly clear:

You can’t fool Google’s search results for your website.

SEO That Works

Got it?  Excellent.  So what can you do?

Let’s take a fictional product in a reasonably established market. You’re a company that develops interesting light fittings and lamps, and you’re about to launch a new range of touch-sensitive-base lamps. Sounds plausible.

Luckily for you, Google is really really good at indexing websites, but there are a few simple tricks that help Google index you thoroughly and quickly.

  1. Content is king

    If you’re trying to get highly listed for a keyword, ensure your site has content related to it.

  2. The Holy Trinity Of Keywords

    One of the simplest and more effective ways to get indexed and ranked highly is to ensure that there’s a good relation between your URI and the topic you’re hoping to rank highly for.

    Make sure your URL, page title and keyword densities all say the same thing.  Ever wondered why if you search for anything on Google the Wikipedia link is always in one of the top three places?  This is why.

    Google indexing puts a lot of weight into the relationship between the URI of your website, the title of your page, the header tags (H1) and the keyword density of your content. To work using the above touch-sensitive light example, a URL of http://www.touchlamps.com/shop/Our-New-Touch-Lamp.html would rank higher for the search term “touch lamp” than http://www.lighting.com/shop/touchlamp, which would rank higher than http://www.homeware.com/products/123. Likewise, if there were two shopping sites, www.lamps1.com/shop/lamp and www.lamps2.com/shop/lamp, and the page title of the former was “buy items” and the page title of the latter was “buy touch lamps”, the latter would rank higher. Having the H1 and H2 tags on your page relate to lighting or touch lamps would further endorse your page rank.

    What should you take away from this? Ensure that for each page of your site, the keywords that you want to be linked to for are frequent in the top 1/3rd of the page.

  3. Use a sitemap

    Commonly missed, nothing helps a search engine better than a good sitemap. You’d probably like to dynamically generate this for a large shopping site, but if you don’t, Google offer some nice webmaster tools to help you. Sitemaps act as signposts for search engines, enabling them to efficiently spider and index your website, allowing you to dictate the way the search engine behaves related to your content along the way.

    Sitemaps help you tell the search engines how often you expect any given content to change, and suggest a frequency of re-checking to allow their indexes to be permanently up to date.

    There’s no use in trying to sell a new product if the search engines don’t know you’re trying.

  4. Reputation Reputation Reputation!

    It’s all about who you know.  The internet is brilliant for spreading word of mouth so make friends with other sites that share either your interest, or interest in your products.  Nothing works better than a little positive PR. 

    Do you sell a product that has a rabid fan-base?  If so, consider searching for user forums or big sites in the user community and throw them some freebies.  This is a common trick in the ultra-competitive market of technology resale.  Supply fan sites with free samples in exchange for links and you’ll find that your page rank improves as a consequence. 

    Google and other search providers give “bonus points” to your ranking if you’re linked to by other locations that also rank highly for the same keywords.  Thus, you might take a financial hit for sending out products (worst case) or just be willing to help out other resources by linking to other useful content (if you’re not a retail entity), however the SEO-bonus and goodwill produced from such an effort will be worth far more. 

  5. Sanitise Your URLs

    Having a URL schema that looks something like http://shopping.netsuite.com/s.nl/c.851077/n.2/sc.10/category.285/.f is the quickest way to punish yourself and your website for no reason.  I picked that URL at random, it’s a website based on Netsuite’s web platform and their CRM produces some of the worst URLs I have ever seen (I just searched for “netsuite /s.nl” due to pre-exposure to their URLs in search of an example, I couldn’t comment on the actual content of that URL).

    If your developers or your CRM aren’t producing human-readable URLs, get new developers or get a new CRM. It’s really that simple, it’s taking part in the online market with a self-induced handicap. URL rewriting is very simple, and doesn’t even have to be perfect to be good enough. It’s well supported using mod_rewrite in Apache or a handful of ISAPI filters on IIS up to IIS6, and supported natively with HTTP modules from IIS6 onwards.

    Look at it this way, what do you prefer: http://www.hotlamps.com/shop/123/touch-lamp or http://www.hotlamps.com/shop/s.nl/c.851077/n.2/sc.10/category.285/123 or http://www.hotlamps.com/shop/123? I would always vote for the first URL: it reinforces what you’re attempting to sell, plays into your page rank bonus for URL-to-content relationship and just makes far more sense to a visitor.

    Use URL rewriting or you’ll regret it.

You’ve done all that and you’re still not getting traffic?  You’ve got a brand new touch lamp you’re trying to sell and just can’t get the page impressions?  Thinking about hiring an “SEO Manager” to make all your problems go away?  Stop.  Buy your visitors.

I’m not a marketer (and that’s probably obvious by now) but if you’re doing all the right things and people just aren’t seeing your product, it’s time to look into your cost-per-acquisition of a new customer.

You’ve just decided you need to go through with an online marketing push for your new flagship range of lamps.  A quick Google search (13th Jan 2009) leads with two sponsored links. One for “Touch Sensitive Lamps” and another for “Touch Lamps at Amazon”.  In addition to that, the sidebar (sponsored links) point to “M&S Lighting”, “Touch Lamps at shop-com.co.uk”, “Touch Lamps? at dealtime.co.uk” (a price comparison engine), “Lamps Touch”, at supaprice.co.uk (also, presumably a price comparison engine), Ask.com, and Shopzilla.co.uk/ComparePrices.

Two things strike me about those results.  The first is that most of them are price comparison engines buying sponsored ad space for the minimum buy price.  The second is that there aren’t many players in the “touch lamp” market past M&S so buying links should be easy. 

Regardless of your hiring an “SEO guy” or not, you’re going to be buying Google ads. It’s a fact of life in a world dominated by a single search provider and even more dominated by a single Ad provider. You have to do two things: buy the right keywords, and play the price comparison engine game.

Buying The Right Keywords

The really great news is that Google has a fantastic tool available to you to predict how well buying clicks will go for you. To maintain the current example, I ran a few phrases through the sandbox (find it yourself at http://adwords.google.com/select/TrafficEstimatorSandbox) and got the following results:

 

Keyword          | Est. Cost Per Click | Est. Ad Position | Est. Clicks/Day | Est. Cost/Day
“fancy lamp”     | £0.00 – £0.65       | 1 – 3            | 0               | £0 – £1
lamp             | £0.80 – £1.08       | 1 – 3            | 3,214 – 4,021   | £2,580 – £4,330
lighting         | £1.05 – £1.52       | 1 – 3            | 5,981 – 7,484   | £6,270 – £11,410
“touch lamp”     | £0.66 – £0.85       | 1 – 3            | 17 – 21         | £20
“touch lighting” | £0.81 – £1.01       | 1 – 3            | 1               | £1
bedside          | £0.57 – £0.74       | 1 – 3            | 238 – 297       | £140 – £220
“bedside lamp”   | £0.80 – £1.14       | 1 – 3            | 6 – 7           | £5 – £9
“touch light”    | £0.55 – £0.72       | 1 – 3            | 4 – 5           | £2 – £4

Using readily available tools, it doesn’t take any kind of expert to recognise trends when provided with tabular data.  You basically want to buy a good spread of keywords with the lowest CPC vs. the highest Clicks/Day, but more likely, meeting somewhere in the middle.  From the above predicted results (and remember, they’re just predicted trends) the two sure-buys seem to be “bedside” and “touch lamp”.  Which makes perfect sense. 

My one word of warning when buying traffic is to be careful not to get carried away.  I’ve worked for a company that crippled itself buying really obvious keywords and costing itself more to purchase some clicks than the profit margin on the item.  That’s commercial suicide.  Know what your recommended cost-per-acquisition is and don’t go over it, however good an idea it seems.

Playing The Comparison Engine Game

I don’t have very much to say about the comparison engines.  They often charge you for submission and position, and they index so many products that they have instant high ranking on search engines.  They minimum bid on any keyword that you can buy and are very prolific.

I’d pick just one or two to participate in, and closely monitor the ROI on any payments you make to them.  Don’t let them hold you to ransom, just remember that any links you’re paying for on comparison engines are placed side by side with the links of your competitors.  So make sure you’re the best OR the cheapest, but don’t presume the links have much value.

So Should I Hire That SEO Manager Anyway?

That’s totally up to you. But as a rule of guidance, if you were to be selling a new range of touch lamps, your SEO Manager would have to bring in 28500 potential sales per year to make hiring him anywhere near as efficient and worthy as just buying 90 days’ worth of Google ads for “bedside”. You could save your £35k, ensure your developers are doing the right thing and get the same results, for nothing.

Tricking Google

Earlier I said that “you can’t fool Google” and I really meant it.  Over the years tonnes and tonnes of tricks have been developed to exploit the way page rank works. 

A few of the most common tricks were:

  • Flooding your page with huge collections of keywords the same colour as the background of your website to increase page rank via keyword density.
  • Blog link spam
  • Websites full of links to your own content

You’ll be pleased to hear that these techniques, along with being the digital equivalent of fly-postering, not only don’t work, but negatively affect your rank. Google have something like 4,500 developers. A large portion of them will be dedicated to stopping people tricking and abusing their ranking algorithms. Don’t waste time trying.

Footnote

I used to work as a developer on a large eCommerce website specialising in IT equipment and hardware.  I was responsible for writing all the code that dealt with search engine optimisation and wrote the majority of the web-facing code.

I met many, many people who claimed to have some secret sauce, I read lots of aging documents on Google page rank (whatever you read is out of date, page rank changes daily) and sat through too many meetings with brain-dead SEO consultants who couldn’t advise anything concrete past their smoke and mirrors.

Worse than that, I saw some of these consultants hired to “improve” our page ranks in a number of unsuccessful and unquantifiable ways.  I’ve seen consultants cost tens of thousands of pounds delivering nothing when that money should’ve been spent on traditional advertising and content creation.  I’ve seen companies try and buy so many links it forced them to near bankruptcy.

I wouldn’t call myself an expert on SEO, but I certainly know what doesn’t work.  After three months of working on “SEO” the only things that ever worked for us, were good content, good links and purchasing Adwords.

I hope you take a few good practices from this, but more than anything, I hope you don’t buy into the SEO bullshit.

If you want proof that regularly updating content works, go search for “David Whitney” on Google.  My humble website ranks above any other (source http://www.google.co.uk/search?hl=en&q=david+whitney&btnG=Google+Search&meta=).

Good luck!

Late Night Therapy

Tuesday, January 13th, 2009

I’ve had quite a busy night this evening.  I’ve been trying to finish watching the third season of Alias (about 5 years too late on that one), ended up starting an article on best practices for build automation and integration testing in the .NET framework, worked my way towards watching the double episode première of the new season of 24, got tired, and now can’t sleep.

So a little bit of lazy doodling took its place.

UntitledSea 

Trying to clean my head of oceans and deep dark red so I can move on to other things.  I’m not really sure if I like anything about this apart from the reds in the sky.

I still have a few huge pieces stewing both on paper and in my head which I should get around to finishing but working entirely in red is exceptionally soothing, and thus, distracting.

Bed time.

Now Playing: Nine Inch Nails – In This Twilight

Microsoft, thankfully, standing firm on BluRay and the 360

Friday, January 9th, 2009

Another day another slightly amusing interview snippet.

So apparently Microsoft are taking a hard stance on including a BluRay drive for the Xbox 360. To quote Kotaku quoting Robbie Bach:

“It’s not a feature we get a ton of requests for. We really don’t. When you ask people the list of things they want to see us spending time creating in Xbox, Blu-ray is way, way down on the list.

The second thing is, from a technical perspective, it doesn’t help us in the core of what Xbox does, which is in gaming. We can’t have publishers produce games on Blu-ray disc. Because then they won’t play on the 28 million Xboxes we’ve already shipped. So it doesn’t help us in the core gaming space.

The third thing, and this maps to all three of those, is that it costs a lot of money. And so the scenario is, OK, let me get this straight: I’m going to add something to the product that’s going to raise the cost, which means the price goes up, consumers aren’t asking for it, and by the way, my game developers can’t use it.”

It’s a move I entirely agree with, but I can’t help but feel that they’d be cutting off their nose to spite their face if they didn’t end up offering it as an optional extra?

There’s a clear and good reason not to include a BR drive as internal. It makes absolute sense, it’d further fracture the already slightly divided 360 user base (really, who buys an arcade?).

That said…

Stating that there isn’t demand sounds like conjecture and a little bit of FUD to me. Microsoft look like they’re using it to try to bolster the movie download business for themselves. If they felt that demand for HD-DVD was worthy of a console add-on when far fewer people were interested, then it only makes sense that there is more interest now that a format has been decided. Avoiding BluRay out of interest makes it seem like backing HD-DVD was actually a move to undermine Sony.

The drives aren’t even so expensive to make these days (combined BR/HD-DVD/DVD-RW drive for about $99 / £50 on general sale), but there would be considerable development time porting a Java virtual machine to the 360 (presuming one doesn’t already exist), and let’s face it, Microsoft don’t have a great history with the JVM ;)

That said, I’m not aware of the market realities, but the critic in me would suggest they just don’t want to feed any licensing revenue into Sony and they’re more than just a little bit bitter.

That and they probably want to avoid inferiority comparisons when Sony go on their next “ah ah ah! we have Blu Ray included! that’s why we’re more expensive!” rant.

Personally? I’m not interested in a Blu-ray drive for my 360. They’ll likely use one on the next Xbox as it’ll be the dominant format for high capacity disks by then, it’s only logical. Either that or they’re going to take one hell of a gamble on worldwide infrastructure. It’d be a fun bold move but probably one that’d cripple them as much as choosing BR crippled Sony for the first half of this generation. Not exactly a good business move.

At least they’re saying no categorically.

A Few Of My Favourite Things (Of 2008)

Wednesday, January 7th, 2009

Everyone loves lists.  Everyone.  So much so that entire music TV channels appear to exist solely to tell me what the top X of Y are.  So, to do the blogging equivalent of locking the stable after the horse has bolted, here are a few reasons why I enjoyed 2008.

Music

I really hate picking my favourite music of a period because there are never quite enough places to note everyone. Below are the CDs I really remember enjoying this year. They’re in rough order and all of the albums below pleased me in very different ways. Some of them are predictable choices for me (A Perfect Circle side projects, Porcupine Tree frontman’s solo album, Opeth, Nine Inch Nails), but amongst them are a couple of bands who were both new to me and won a constant rotation. Textures deserve a special mention for being by far my most enjoyed CD this year, while the Ashes Divide CD, whilst flawed in a few places, was my most played.

  1. Textures – Silhouettes
  2. Steven Wilson – Insurgentes
  3. Ashes Divide – Keep Telling Myself It’s Alright
  4. Opeth – Watershed
  5. Slipknot – All Hope Is Gone
  6. Meshuggah – Obzen
  7. Cult of Luna – Eternal Kingdom
  8. Nine Inch Nails – Ghosts & The Slip
  9. Zimmers Hole – While You Were Shouting At The Devil… (We Were In League With Satan)
  10. 3 – The End Is Begun

Honourable mentions: Frost* – Experiments In Mass Appeal, Metallica – Death Magnetic, Made Out Of Babies – The Ruiner, Ayreon – 01011001, Cynic – Traced In Air
Biggest disappointment: Tomahawk – Anonymous
Best live performance: Ministry

Games

I’ve had a big year of gaming. I finally quit World of Warcraft in the latter half of 2008 which afforded me plenty of time to play just about everything that came out. This year was slightly off balance with most of the games that seemed to be worth playing arriving in the second half of the year. Nothing this year grabbed me like Mass Effect did last year, but of the games I played this year, the following are worth a mention:

  1. Fallout 3 (I enjoyed Fable 2, but I’m a Fallout kind of guy)
  2. Left4Dead (my first online shooter for about 5 years, awesome coop fun)
  3. Braid (the first ever XBLA game to convince me to buy points)
  4. World of Goo
  5. Rock Band / 2 (for drunken fun and Christmas relief)
  6. Dreamfall (The Longest Journey) (not all that gamey, but an excellent sequel)
  7. Zack & Wiki – The Quest for Barbaros Treasure (the only reason to own a Wii this year)

Honourable mentions: WoW (for the good times), Gears 2, Fable 2, Mirror’s Edge, Prince of Persia – all games that deserve their strong reputations, all second half of the year games. I’ve probably forgotten the first half of the year now.
Biggest disappointment: That Sonic Unleashed was terrible, that Nights2 was mediocre.
Most anticipated for 2009: Heavy Rain (despite not owning a PS3), Mass Effect 2 (with any luck!)

Films

I somehow saw far fewer films this year than I normally tend to.  I’m not sure if that’s indicative of the quality of the films or just my lack of attention.  I have an unlimited cinema pass yet seemingly I’ve just seen nothing at all.  That said, I remember really enjoying:

  1. In Bruges – Not what you expect at all, and a really quite human story.
  2. The Dark Knight – Let’s face it, everyone loved it. I still enjoy Nicholson’s Joker equally, however.
  3. Sweeney Todd – Very standard Tim Burton, but stunning to look at regardless.
  4. Be Kind Rewind – Utterly charming and out of character for Jack Black
  5. Hellboy 2 – Just pure fun
  6. Vexille – Exceptionally stylish, but I perhaps enjoyed it for the visuals alone.
  7. Wall-E – Standard Pixar, but very endearing.

Honourable mention: Zack and Miri Make a Porno (oh so Kevin Smith, but very funny for it)

Technology

Surprisingly the software that’s impressed me this year has all been very mainstream.  Certainly a year of lots of software maturing to a point where it’s excessively stable and usable.

  1. Microsoft Surface – Surface computing black magic
  2. Opera 9 – Polished web browsing
  3. ReSharper 4.0 – C# / Visual Studio refactoring tool.  I don’t know what I’d do without R#.
  4. NHibernate 2.0 – .NET port of the popular java ORM.
  5. Windows Vista / Server 2008 (finally shaking off its dubious reputation, at least with the informed)
  6. Google Maps Mobile
  7. Windows Live Mail
  8. Notepad++ – Great alternative text editor that finally replaced context in my heart.
  9. Google Reader – Upsettingly better than all the other syndication services.
  10. Wacom Bamboo (graphics tablet)
  11. Windows Live Writer
  12. XBMC going multi-platform with the Atlantis port – Hands down the best home theatre application.

TV

I’ve been watching less and less TV, and seemingly slipping towards more light comedy than anything over this past year.  Too many long evenings writing software leads to shutting off your brain eventually.  I have been watching a few shows religiously however.

  1. South Park
  2. Terminator – The Sarah Connor Chronicles
  3. How I Met Your Mother

Pretty much in that order.  South Park is the one piece of TV satire that’s consistently on the mark and funny, the Terminator series is a lot more grown up than Fox would like you to believe and How I Met Your Mother, while stealing from Friends and Scrubs in an odd hybrid, is very entertaining and endearing.  Also an honourable mention goes to The Big Bang Theory for making me feel at home with television personalities.

I should really get around to catching up watching Heroes and Lost and Dexter, but they require a little more engagement than the above.

So there we have it.  I’d list books, but the books I’ve read this year have been all the “obvious” computer science books that people always say they’ll get around to reading but never do (books like The Mythical Man Month and The Pragmatic Programmer) so I’ll not bore you with yet another predictable list of the best programming and computer science books ever written.  I’m fairly certain you can find that list on CodingHorror.

I enjoyed those things in 2008, and I hope you check at least a few of them out.

On How I Learnt More About Business And People From World of Warcraft Than From "Corporate Life"

Monday, December 1st, 2008

I value time.  In fact, I value time above all else, I really believe it’s the only commodity that you never get back.  I’m not a religious man, I hope something great happens when you die, I’ll settle for something interesting, the thought of nothing terrifies me.

So when I say I’m a “recovering” World of Warcraft player with (well) over 100 days /played over three years (not ultra-hardcore, but reasonably so) and I haven’t logged in for over two months, many people would probably react in utter confusion as to how somebody that values his time so highly can so fruitlessly waste it on a repetitive game like WoW.

It’d probably also surprise you to know that when I look back on my life and mentally prepare the list of “things I regret”, I don’t think that spending three years playing WoW will be on that list.  There are lots of things I regret about playing Warcraft.  I regret missing films, the odd social event, I regret angering my partner, I regret putting on weight, I regret being the caricature that South Park made so famous, but I don’t regret playing the game.

I spent a good year and a quarter of my time playing WoW as an officer and raid leader in a medium sized, social, adult raiding guild (hello “Home of the Ghost Lords”!) and I loved every second of it.  I spent a good four months driving home from work during my lunch hours to plan raids, running through sign-ups for that evening.  I spent all my evenings reading up and planning subsequent raids, and I spent the time in between raid start and getting home quickly raid-prepping whilst eating off my lap.  Sounds like the rock and roll lifestyle, I know.

The funny thing about a medium to large sized Warcraft guild is that it functions as a tidy little ecosystem representative to some degree of the larger world, much like high school.  Only in this world, instead of teens desperately trying to find themselves, you’re paired with adults with the largest sense of entitlement you’ll ever meet.  That’s not a criticism per se, it’s just the attitude that emerges regardless of best intentions.  The other curious thing that emerges, is that you start identifying the traits of natural leaders easily.

A natural leader, in any realm, is a rare and delicate commodity.  I’m no fan of middle management and business meta-work and I believe that anyone that desires to have power over their peers should never be given an ounce of it.  That’s the archetype of a bad manager at work, someone obstructive and destructive to a team dynamic.  World of Warcraft encourages the most unlikely of natural leaders to come forward and do what they do best, they naturally lead.

There’s a very special kind of chemistry that just works when a raid is planned by somebody that nobody will argue with.  They don’t not argue because the leader has a singular vision that’s universally approved.  Often far from it, they don’t argue out of respect and trust in someone with such presence that they’re willing to see through the raid on his judgement alone.

These are the people you need leading your business projects, your art projects, your rock bands.  These are your superstars, your thinkers, and the people that should be given control, often without themselves realising it.

You learn a few things when you’re managing a team of 25-40 people every night.  The first thing you learn is how to say no.  In business, it’s easy to say no, any unobservant middle manager type can say no to something.  Try saying no to 10 people who are paying for the privilege to attend.  Once you learn how to say no with tact and grace, you never forget.  You learn politics far surpassing your average workplace micro-dramas.  You learn team selection.  You learn to play to individual strengths and weaknesses with subtlety.  You learn how to use humour to control a crowd and how to be serious to drive one.  You learn to trust strangers to do their jobs.  But most importantly of all, you learn how to keep morale up (WoW wipe nights aren’t anyone’s idea of fun).

You also start to notice the anti-patterns and their real world equivalents.  You notice the meta-workers.  Anyone that’s played the game will be able to identify them.  The rogue that browses wowhead for 16 hours a day checking out gear upgrades only to stop raiding when he achieves them.  You know who to flag up as a no-show or unreliable team member, you can identify the middle managers of the world, the players that re-open endless debate on trite subjects of non-interest just to make a noise.  The sales people / DPSers that are all talk and no performance.  And you always notice the people that just never meet deadlines, whilst simultaneously hoping that they’re not your healers.

You also notice that however hard they try, people that just aren’t leaders will never be able to learn to be.

I’m a software developer by trade, so there’s a certain amusement value that comes from seeing these same stereotypes in the work environment, purely because the type of mind that’s conducive to working in IT and the type of person that plays RPG’s are often one and the same, so perhaps the similarities resonate more in my field than most, but if you think you ever want to manage people, I’d recommend you try some raiding first.

I miss playing Warcraft, and I miss going to work from the night job for a bit of easy graft.  I miss the guild in particular and I played with fantastic people from all walks of life and nationalities.  But I’ll always remember, regardless of if I relapse or not, that I had the honour to encounter three genuine leaders, even if they don’t know it yet.

Your teams are broken if your leaders aren’t doing the leading and the troops aren’t naturally rallying.

If you’re going to take anything away from this post:

  1. Always know who your leaders are
  2. Let them lead
  3. Always know who your A team are
  4. Less QQ moar pew pew

Protecting Your Software – Authorisation and You

Tuesday, September 30th, 2008

Piracy is always a big issue in the software industry.  It’s a global epidemic and everyone is guilty of it.  You are too, and you know it.  That doesn’t make you evil, it just means you are as morally flexible as everyone.  So taking this as a given, as a SME developing custom software, how do you protect your investment and ensure the success of your product?

First, we need to address some universal truths.

  1. All software of any value will be pirated.
  2. All copy protection mechanisms will be worked around by someone of sufficient intelligence.
  3. If you have produced a good product for sale on the open market, it will be pirated.

Stealing software is VERY easy.  Once we, as professionals, are comfortable with the fact that our products WILL be stolen, we can start attempting to maximise the sales.  In order to sell just about anything, you need to know who your target audience is.  Who exactly are you selling to?  There are four types of user…

  1. The Legitimate Customer

    If you have the pleasure of having a legitimate customer, make sure nothing stands between them and using your software.  Help them out at every turn and never obstruct their usage.  They pay your bills, remember that.  These people will pay for your software and upgrade and maintenance.  They may well all be corporate entities who under threat of inspection need to remain 100% above board (tip: Develop software for the legal industry, they’re pretty much not allowed to steal).  Home users may fall into this category simply because they don’t know they can steal software easily.

  2. The Moral Pirate

    You probably fit into this category.  You pay for software, you like to think you’re a good software citizen.  You may occasionally go to the pirate bay to grab a cracked version of an application because the demo or cripple-ware version really gets in the way of you trying the software.  You probably wouldn’t think twice about installing one copy of Windows on two separate machines however.  People can end up accidentally becoming moral pirates simply due to a lack of understanding of (often confusing) software licenses.

  3. The Immoral Pirate

    Immoral pirates use file sharing networks, Usenet, peer to peer or private FTP as their default method of software delivery.  They don’t want to pay for software.  They may believe they’re stealing, they may believe they’re in the moral clear as your product endorses evil / closed source mentalities / kills kittens.  You’ll only ever get a sale from the camp if your software is so incredibly hard to steal or find that it’s much more convenient to pay for it.  And even if that’s the case, they’re more likely to investigate an alternative first.

  4. The Career Pirate

    You will never sell a copy to this person, except if they’re actively trying to produce a crack themselves.  Career pirates will produce cracks, publish 0-Day copies of your application, and they’ll do it for the challenge.  Intricate copy protection mechanisms act as encouragement to career pirates.  The harder the better.  It’s an arms race that they will *always* win.

Coming to Terms With Piracy

The first thing you have to realise is that software piracy isn’t actually a bad thing.  Software piracy often introduces people who will later become legitimate users of your software to your product.  If you find that a vast majority of your users are stealing your software, the first thing you need to do is find out why they’re stealing instead of paying…

  • Is your software too expensive?
  • Are you pricing for business but aiming at the individual user?
  • Is the cracked version of your application actually better than the paid for edition?
  • Is your “home” offering too basic and people prefer to steal an overpriced “Professional” edition?
  • Worst of all, is your software crippled by draconian DRM?

If the answer to any of the above questions is yes, then you’re not dealing with a technical problem, you’re dealing with a social engineering and marketing issue.  It’s YOUR FAULT that your software is being stolen because you’re not selling it properly.  You have to be prepared to take responsibility for a misjudged business decision.  It’s not about blaming anyone, it’s about fixing the problem.

Targeting Your Audience

Out of the four groups of users listed above, ignore the fact that the third and fourth group exist.  You will never sell software to those people, they will steal it.  Get over it and move on.  You’re not going to stop them, don’t waste valuable time and money trying to.  Yes?  Good.

You need to protect your software in a way that it actively encourages the first and second groups of users to pay you for your hard work.  The legitimate customer is easy.  They’re going to pay.  Don’t make it hard for them.

The second group is slightly harder.  They’re probably going to pay you, but if they can steal your software really easily, they probably won’t bother.

What you need is some kind of authentication system that is reasonably simple, doesn’t hinder the users and offers some kind of advantage to the paying customer.  Now the funny thing is, this is a solved problem.  For the past decade companies have been experimenting in trying to squeeze the odd payment out of the immoral and career pirates who were not going to pay a penny to start with.  The answer is the serial number.

Serial numbers work.

If you take anything from reading this essay, please take this.

What Not To Do

The following authentication mechanisms are horrible ideas…

  • Online authentication

    Do not presume your clients have always on internet access.  If they don’t and you implement this, they WILL pirate your software or go to a competitor.

  • Products that Phone Home

    If you’ve been naive enough to saddle your software with online authentication and start thinking that products that phone home are a good idea, start thinking about what happens when that product no longer has internet access…

  • Commercial Root-kits 

    There is nothing more immoral than saddling your users machine with software they don’t know about and can’t remove, especially when it is recording their usage and using up CPU cycles.

But!  What if these authentication mechanisms can actually net me a few more sales!  Forget it.  They won’t.

The pirates will still steal, and most importantly…?

You’ll have just spent a small fortune in R&D, infrastructure and development creating a bypass-able authentication system that you then have to keep operational forever.  Unless you manage to con your users into what is essentially a software rental model, those servers of yours have to be available until the end of time, with databases of all your registered users, the level of access they’re allowed to your application and all manner of other data.

Running these oppressive registration mechanisms is expensive, and can potentially introduce defects into your pristine code.  What’s more, they can get in the way of legitimate users and paying customers, driving them to become moral pirates.  As was stated at the start of this piece, you must never put obstacles between legitimate users and paying for your software.  That is commercial suicide.

This is not to say that you should give your product away.

Protecting Your Software

Now that we’ve looked at what not to do, how on earth can we protect our software?  I really do believe in the serial number.  But a few sane coding practices can help you protect your software fairly easily.

At the simplest level, a serial key can be achieved using common Public-Private key encryption techniques.  Take some key data regarding your application (commonly something like registered user / organisation name, number of licenses granted, perhaps an email address) and encrypt it with a private key.  Your application has the public key embedded within it.  If that information decodes correctly, then the application is registered.  Simple.

But not fool proof.  I’d rather not mislead you by implying that that solution would just work perfectly.  If a cracker could isolate the portion of your code where you load the public key into memory, he could produce a cracked executable with a different public key encoded inside, and thus sign his own keys that would unlock the modified application.

The good news is that depending on your target audience, it’s almost certainly more work than your average user would bother with to steal your program (just don’t load a file from “approot\publicKey.key” and think you’re being diligent!)

The benefits of a simple solution?  Easy.

  1. It’s really really easy for users to register your software.  They pay you, they get a serial key.
  2. You need not store lots of user information for registered users, the key can be regenerated given the same inputs.  Therefore, low overhead on authentication servers as the user technically only need perform this operation once.
  3. Relatively secure, uses known cryptographic techniques.  Certainly beats some traditional “just multiply the username as bytes by some random number”.
  4. Low impact on the application as a whole.
  5. Authentication data can be changed between minor versions, breaking any key generators in the wild and making the software more inconvenient to crack a second time.
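
As an added example (not code from the original post), here is the signed-serial scheme described above written in Go, using an Ed25519 signature as the "encrypt with a private key" step. The licence fields, the serial layout and the fixed demo seeds are assumptions made for illustration. It also shows benefit 2: signing is deterministic, so the same inputs regenerate the same key.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/base64"
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// License is the data bound into the serial (fields must not contain newlines).
type License struct {
	Name  string
	Email string
	Seats int
}

var b64 = base64.RawURLEncoding

// payload is a canonical encoding: identical inputs always give identical bytes.
func (l License) payload() []byte {
	return []byte(l.Name + "\n" + l.Email + "\n" + strconv.Itoa(l.Seats))
}

// KeysFromSeedByte derives a key pair from a constructed, fixed seed so the
// demo is repeatable. A real vendor key is random and never leaves the vendor.
func KeysFromSeedByte(b byte) (ed25519.PublicKey, ed25519.PrivateKey) {
	priv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{b}, ed25519.SeedSize))
	return priv.Public().(ed25519.PublicKey), priv
}

// Issue runs on the vendor side: serial = base64(payload) "." base64(signature).
func Issue(priv ed25519.PrivateKey, l License) string {
	p := l.payload()
	return b64.EncodeToString(p) + "." + b64.EncodeToString(ed25519.Sign(priv, p))
}

// Verify runs inside the shipped application, which embeds only the public key.
func Verify(pub ed25519.PublicKey, serial string) (License, error) {
	parts := strings.Split(serial, ".")
	if len(parts) != 2 {
		return License{}, errors.New("malformed serial")
	}
	p, errP := b64.DecodeString(parts[0])
	sig, errS := b64.DecodeString(parts[1])
	if errP != nil || errS != nil {
		return License{}, errors.New("malformed serial")
	}
	if !ed25519.Verify(pub, p, sig) {
		return License{}, errors.New("signature does not verify")
	}
	f := strings.Split(string(p), "\n")
	if len(f) != 3 {
		return License{}, errors.New("unexpected payload layout")
	}
	seats, err := strconv.Atoi(f[2])
	if err != nil {
		return License{}, errors.New("unexpected payload layout")
	}
	return License{Name: f[0], Email: f[1], Seats: seats}, nil
}

// WithPayload keeps the signature of serial but swaps in a different licence,
// which is what editing a key by hand amounts to.
func WithPayload(serial string, l License) string {
	return b64.EncodeToString(l.payload()) + serial[strings.Index(serial, "."):]
}

func main() {
	pub, priv := KeysFromSeedByte(0x42) // constructed demo key
	lic := License{Name: "Ada Example", Email: "ada@example.test", Seats: 5}
	serial := Issue(priv, lic)
	got, err := Verify(pub, serial)
	fmt.Println(got.Name, got.Seats, err) // the verified name is what you stamp on output
	_, err = Verify(pub, WithPayload(serial, License{Name: lic.Name, Email: lic.Email, Seats: 500}))
	fmt.Println("edited key:", err)
	_, otherPriv := KeysFromSeedByte(0x07) // a signer the application does not trust
	_, err = Verify(pub, Issue(otherPriv, lic))
	fmt.Println("key from another signer:", err)
}
```

The last case is the reason the embedded public key matters: a key signed by anyone else only verifies if the public key inside the executable has been replaced.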

There are a few other tricks you can use.

  1. If your software is lucky enough to print out user data in some output, then you’re home free, people won’t share a serial number if their name is stamped on all the documents that the counterfeit copies produce.
  2. Don’t externalise your serial number checks in to an easily replaceable DLL / assembly.  It’s just too easy to isolate and replace.
  3. Don’t call the authentication method just once returning a boolean representing “is registered” or not, this is also easy to isolate and replace.
  4. If you use an interpreted language, use code obfuscating tools to stop simple decompilation.

Conclusion

Hopefully the above outlines have made the issue of small software piracy a little easier to understand along with explaining why obstructive software registration techniques won’t win you sales and instead often cost you both sales and development money.

Don’t fear software piracy, just attempt to give your legitimate users an experience that’ll make them want to act as your agents to their friends and associates.

You can’t pay for any marketing as effective as genuine goodwill.

Dear Google (Chrome)

Wednesday, September 3rd, 2008

What happened to “don’t be evil”? 

Why do you insist that people “posting or displaying the content you give Google a perpetual, irrevocable, worldwide, royalty-free, and non-exclusive license to reproduce, adapt, modify, translate, publish, publicly perform, publicly display and distribute any content which you submit, post or display on or through, the services”?

What made you think that the world needed another browser?

When you decided you wanted a browser, was the design brief “Opera, but use WebKit, and a new JavaScript implementation”?  That’s really all you produced.

JavaScript needs fixing, you’re right about that.  But if for a second you think the “correct” way to fix JavaScript is to ignore significant inroads made by other corporations and organisations in a massive “not invented here” haemorrhage then you’re very, very mistaken.

But most of all, what made you think that people won’t see this as the transparent attempt to force the hand of web standards that it is?  Seriously, let me get this straight;  When Microsoft do ActiveX and invent things like the XML RPC object, that’s evil and against standards and trying to lock everyone to Windows.  But when you create a browser and re-implement JavaScript in an attempt to force the other browsers to follow your lead in a further attempt to give Google Apps a stranglehold on the majority of “online applications” that’s just fine?

JavaScript really really needs fixing, and yes, a lot of people use GMail, but to try and suppose that the entire web is so dominated by Google Apps that a browser need be created to drive market share towards them is pure egotism, especially for a company with at most (and I’m being generous) four successful projects under its belt (Search, the killer app.  AdWords, the money.  Google Maps for a slick implementation and debatable GMail due to market share).  It’s lunacy to think that you’re fixing anything, rather just adding an extra layer of development and complexity on to the already arduous battle for web compatibility.

Your browser isn’t bad, it’s quite clean, it’s likely another eternal beta, but in the end, it’s just a stripped back version of Opera.  I’m sure you’ll do a good job of it, but in the end, will yet another minority browser really be worth it?  You need another hit, I really appreciate that, but try to remember not to be evil on the way.

I just wish you’d put all this effort into existing technology.  One of Mozilla’s millions of prototypes (you are the sugardaddy after all) or even Opera (seeing as you like it so much) would be ideal, let’s not repeat history again and again.

Geeking Out

Wednesday, September 3rd, 2008

There’s nothing more rewarding than programming on huge displays.  Say all you like about notebooks and pocket sized this and that, but if you really want to bed in and do some hardcore development, or graphics editing, or just a bit of browsing, whilst gaming, whilst listening to music, whilst watching videos, there’s nothing like masses of screen real estate.

For the past year and a half or so I’ve been enjoying two 19″ monitors (single monitor configurations feel very claustrophobic to me these days) and the experience has been “ok”.  However, finally the price points on reasonable 24″ monitors are right and I’ve invested in a little bit of an upgrade…


That’s 19″ (1280×1024) – 24″ (1920×1200) – 19″ (1280×1024).  I’ve not added the numbers together to get an accurate calculation of desktop real estate, nor have I attempted to work out how much more productive the lack of task switching and windowing has made me.  But I’ll tell you what… it’s incredibly cool.  And yes, it does take up the entire length of a dining room sized table.  And no I don’t have a problem with that.

The graphics card powering the configuration is pretty simple.  People rave about the Quadro FX cards but I went with a wholly more LO-FI setup of my current-ish generation 3d card 7900GT in PCI-E x16 mode powering the 24″ in “Single display” 3d rendering mode (for gaming), along with an old (as in, in a box somewhere) 7300GT in PCI-E 2x mode (same family, easy compatibility, same driver…) powering the two 19″ displays.  Works a treat.  Finally I found a use for the fact I needlessly bought an SLI motherboard.

I can’t begin to explain how much benefit you get from dual displays (and other people have explained it far better than I could), but the third is pure luxury.  The ability to have documentation, masses of source code and a running app a glance away is priceless.

The new display is a Benq 2400.  It’s a TN panel, so graphics “enthusiasts” will probably deride its colour reproduction (TN panels can’t quite produce the same depth of colour as other panel types), however it’s well reviewed, has decent contrast ratio and response times and no dead pixels.  Looks and feels fantastic to my heathen eyes and I’d definitely recommend it (£257 inc vat.).

StackOverflow, Bloodstock and The Clone Wars (Catching Up)

Monday, August 18th, 2008

I’ve got two or three things lined up and half written on technical subjects to finish up before they appear here (mostly surrounding good API design and how to achieve it, and myths about Exceptions in the .NET framework) but I’ve been exceptionally busy lately.

I’ve been enjoying the semi-private beta of Stackoverflow, Jeff Atwood and Joel Spolsky’s project to provide a “developer self help” community akin to Experts Exchange (just “without the suck”).  It’s pretty solid and appears to be playing out like a kind of Xbox live for programmers, at least in the beta, while people try to quickly answer things to get reputation and badges (think achievements).  I don’t know if the enthusiasm will hold out post release, but people do like shiny virtual awards, and people always have questions.

Attended the Bloodstock Open Air music festival at Catton Hall in Derby over this weekend.  Horrible horrible drive (whoever figured that not lighting roads where you’re expected to drive at 70mph was a good idea probably should be taken out the back and shot) but we stayed in a Hotel in the nearby Burton Upon Trent rather than camped.  The music was very much above par (if you like metal / extreme metal) across the three days.  In all honesty, I went to see Opeth headline the Friday and Soilwork play third slot on the Saturday but there was generally a lot of good material to fill the time.

Over the three days we managed to watch (earliest to latest):

| Friday      | Saturday        | Sunday         |
|-------------|-----------------|----------------|
| Tyr         | Swallow The Sun | Crowning Glory |
| Akercocke   | The Defiled     | Alestorm       |
| Destruction | Moonsorrow      | Grand Magus    |
| Primal Fear | Soilwork        | Mob Rules      |
| Soulfly     | Iced Earth      | Kataklysm      |
| Helloween   | Dimmu Borgir    | As I Lay Dying |
| Opeth       |                 | Overkill       |
|             |                 | At The Gates   |

A few of those are partial (as much Dimmu Borgir as I could handle until I got bored, only about half of Destruction, Mob Rules and Overkill).  We caught the first track Napalm Death played before I remembered that they’re a little special (and not in the good way), and I made a point of leaving before Nightwish on Sunday night (it was raining, and Nightwish make me feel ill!).

Highlights were Opeth headlining (shortened set, Fredrik Åkesson seems to fit in better on lead guitar than he did on the pre-Watershed tour), Soulfly playing a lot of Sepultura, Tyr and Alestorm for utter hilarity (battle metal and pirate metal respectively), Soilwork being as tight as ever, Swallow the Sun being very atmospheric and At The Gates being metal as hell.

Overall at the end of the weekend I was feeling somewhat burnt out watching live music.  Which means going to Leeds next weekend will be a bit of effort…  I suspect we’ll just go to watch the big headliners (Metallica, Slipknot, Rage Against the Machine and Queens of the Stone Age) perhaps skipping the Sunday entirely as it’ll be a case of driving to and from Manchester each evening.


I also went to check out the Star Wars: The Clone Wars animated feature length this evening.  As a huge extended universe Star Wars fan I pretty much feel indifferent about it.

It looked nice, was fluid, the voice acting was decent enough, the battle sequences were pretty cool, the light saber fights were decent looking if soullessly put together. 

Unfortunately they wrote an average main story (instead of one of a million better clone wars related tales they could have filmed) added a very annoying seemingly cross dressing English talking Hutt, and then went through the dialogue of the script adding pet names for minor characters to make the dialogue feel a little awkward and kiddie.

It wasn’t bad, I did enjoy it.  I’ve always left Star Wars cinema experiences (usually on opening night, they somehow slipped this under the radar) feeling elated, and this time I came out feeling pretty indifferent.  It was reasonable, a great kids film I guess, but whereas they previously made Star Wars kid suitable, this time it feels like they didn’t quite make the directly kid orientated release adult friendly enough and somehow made a few Star Wars characters say things they shouldn’t ever have had to say (Jedi calling a Hutt lave “Stinky” is just plain wrong).  I guess I just hope they make the animated series a little more adult friendly.

Hopefully I’ll get a few technical posts finished up in the next few days.  In the meantime, check out Stackoverflow.com, see the Clone Wars if you can silence your inner adult and go listen to some Swallow The Sun.