Smartphone enhanced, large scale live action role playing


It all started with a dream – literally.

The other night I had this weird ass dream.  I was playing a live action game (sorta like Assassin) with a GPS enabled smartphone as my guide – in this case, my Nexus One.   It seemed to go like this:

When the game was starting, the application I had purchased and downloaded notified me.  From then on, I had an assassination target, and someone had me as a target.  Additionally, there were teams – but you didn’t know who was on your team.  In fact, I hadn’t met any of the people I was playing with.

The application gave me salient information about the target, and would notify me when I was near a team member.  It was up to me to track down the target on my own and neutralize them – the app didn’t have their location information.  It did, however, have location info on my team members.  No one had a team member as a target – those people were allowed to work together if they could find each other.

This led to a wide assortment of weirdness in my dream, including finding Gabrielle (who wasn’t my wife in the dream) to be one of my team members, and large amounts of urban exploration in what was apparently a post-apocalyptic Downtown Columbus.

What’s more interesting to me is that the idea is totally feasible.  Using technology available right now, one could write an application that lets a person register for the live action game.  The app could be terminate and stay resident in order to provide notifications, or the central server could text users with broadcast information.

Once the game is started and everyone is online, you would log into the app, and your target information would be available from the application.  Research tools might be built in.  Mapping with waypoints is essential.

Most interesting is the peer to peer sharing of GPS data.  If you got near a team member, the application would let you know – perhaps even using bluetooth as a closer metric than the GPS.  Once thus notified, observation and hensojutsu would be your guide, and you may have a valuable partner in the game, if you play the cards right.

This could be played in a company, or a group (like a school) or a city, or even nationally or globally is money no object.  What’s more, it shouldn’t be that tough to write. I don’t have the chops to do it on any mobile platform as things stand right now, but it would probably have to be built for Android, iPhone and Windows Mobile 7.  There would be pretty strict requirements for the hardware, but I bet you could make some coin if you set it up, and it would be a hell of a lot of fun.

If someone does it, invite me.  I might not build the app, but I sure will play.

The internet can be a good place

I have had an internet accessible email address since 1984.  Yes, I was 13.  I was a high level member of Navarone Junction, a popular BBS, which had internet access.  I wrote a Talk client in 1990, and surfed the web when there was one web page.

I’ve seen a lot.  I’ve attended weddings and funerals.  I’ve been party to births and suicides.  I’ve seen businesses flourish and wither.  When the Oklahoma City Bombing occurred, I ran for a terminal, and contributed 200 lines of Perl to a site in order to keep the news feed updating.  On 9/11, I helped administrate a message board 24x7 for days, waiting at  home until Gabrielle could make her way back from Chicago, where she had been on a contract. As someone who has started near the birth of the contemporary Internet, and has never left it since , I can hardly be surprised anymore.

One community has surprised me in the post dot com boom – Reddit.  I have been a member for 5 years, putting me ahead of all but two of the current staff.  Reddit is amazing.  They had a secret santa where thousands of people who don’t even know each other send amazing, thoughtful and unique gifts to each other – just for fun.  They helped save a number of small businesses, but the one closest to my heart was Soapier, a Florida handmade soap manufacturer.


Anyway, enough history, on to my story.  Most of the readers of this blog probably know of my son Adam (above, nekked, with Reddit Alien Soap), a precocious 5 year old who has a bent for getting into trouble and breaking things.  Anyway, one day, he broke my Reddit bobblehead.  This thing wasn’t a toy, but I would let him handle it occasionally.  One day, of course, he broke it, and I set it aside to fix.  Several days later I tried, but couldn’t make it look good, so I tossed it.  Such is the way with things and me.

Recently, Adam asked where it was, and I was surprised.  It had been a year since I threw it away.  I was sure he had forgotten about it.  I told him that I had tried to fix it but couldn’t and had thrown it away.

The waterworks started and could not be stopped. He bawled.  I showed him pictures, and told him it was a simple thing. He persisted in telling me that the Alien was his ‘little guy’ and he was so sad.  I got the tissues.

Then something amazing happened. He said “Ask the man with the little guy picture if he can help.”  I won’t exaggerate when I say it took me a full 30 minutes to figure out that he meant Alexis Ohanian, aka Kn0thing, the original alien artist.  The reason he came up with this description was the icon that Alexis uses on his twitter feed, which is often on my desktop at night before I put Adam to bed.  He has seen it, and noticed, and remembered.  Astonishing.

Alexis is an amazing character.  He was one of the post-boom startup kids who came out of the Y-Combinator and made good.  He helped build Reddit, helped sell it to Conde-Nast, took his winnings and invested it in Kiva.  Can’t say that about too many people.

Shocked at Adam’s observation skills and persistence, I messaged Alexis and told him of the meltdown.  After some correspondence, Kn0thing came through and a package of swag came from Reddit HQ! (Or BreadPig HQ, actually.  Close counts.) 

It’s been a while but finally Adam and the alien were reunited and we decorated his room with the swag.


He was rather pleased with the USB drive.  It has a place of honor next to his computer now.  Thanks, Mr. Alexis!


The Reddit poster was a hit.  It’s the Reddit Alien as a baby!!


That now is the cornerstone of the room.

It’s a little thing, but it all teaches an important lesson.  Often you’ll hear someone put blame on ‘the internet’ or ‘people on the internet’ for some trouble or another.  Fact is, the internet is a collection of individuals.  Yes, the remarkable history of the computers makes it a weird place with a long, long memory, but it still is a collection of people, some drawn together with a common purpose and some singular in their effort.

More than anything else, if you look hard and participate in the right communities, like Reddit, or Homebrewtalk, or Lockpicking101, you find that there are genuinely good people in the netverse, and it restores your faith in humanity. 

Or, at least it did mine.  Your mileage may vary.

Database modeling with M screencast

A month or so ago, lockpicker and friend Schuyler Towne and I agreed to push eachother a little to do some video in our respective fields.  Now, I am an accomplished lockpicker, and Schuleyer is a fantastic artist, but his gift is lockpicking, and mine is software development so we stuck with those topics.  We even went so far as to set up a Google Spreadsheet to track our progress.

Schuyler, of course, cheated, and has a video already in the can.  It then took me a month to get around to shooting my first screencast.  It's on using M to model everyday databases for everyday projects:

There is some mobil phone background noise.  Sorry about that.  Lesson learned.  The demo is good though.  It shows just how easy Microsoft is making it to build a complete, source controllable data model and deploy it to SQL Server.  It's pretty slick.

I hope everyone enjoys the screencast.  Next one is on generic collections in C# 4.0.

Without writing a single line of code

There has been a recent influx of simplified integrated development environments in a number of environments.  The goal of these IDEs is to make it possible for Line Of Business users (LOBs) to build data driven applications easily and simply.  This is an admirable goal, but there are a few problems.  For some reason, even though the problems recur again and again, the same mistakes are being made.

First is the assumption of the needs of the user.  In a boxed IDE like Microsoft Access or the new LightSwitch, the user only has the tools that are given to them.  The moment that the requirements change, a blackbox is introduced.  Sure, you can build a custom control to show the flash ad in your advertising management application, but the moment that a code change needs to be made, when a flash version changes or whatnot, the dev can't be found, the control isn't in TFS, no-one knows how to fix it, what language it is in, or anything.  The whole app goes down the tubes beause one custom component was lost.

Second is application lifecycle.  Applications like LightSnack ... er ... LightBeer ... uh ... LightSwitch have a short shelf life.  Need an example?  Infopath.  A number of companies bet the farm on Infopath.  Where are those apps now?  The bit bucket.  Yes, I know InfoPath is still around, but it isn't an effective technology anymore. Do you really want to bank on the existence of LightSwitch in two years, much less twenty?  I don't.  Sure, you can 'graduate' the code base to Visual Studio, but how does that code look?  How aboutwhen a VS upgrade comes around?  Will it hold together then?  And I am not picking on LioghtSwitch - Access has all the same problems.  I recently spent weeks at the Ohio Department of Health upgrading an Access 2003 application to Access 2007 when 2010 was already out.  Shelf life of a tightly integrated IDE has to be taken into account.

Third is the famous "Just because you can doesn't mean you should."  You can't build EBay in WebMatrix (or even the Original Web Matrix), but it doesn't keep people from trying.  Then when the business is depending on it, the failure becomes evident through a scale problem or a requirements or scope shift, and then the 'fix' becomes an emergency.  This is just not a good idea, but it seems that no one will take a moment and consider the implications either when building the IDE or planning the applications.

Finally, this flies in the face of every architectural best practice out there.  Here.  Take my data and just write something in some generic tool to edit it.  What?  That's not how I want my organization to be run.  You may not edit that data without using the controls provided, I am sorry.  I don't want ot have to manage 100s of little applications, built on tens of little IDEs either.  That's not how Enterprise Architecture is supposed to work.  So you think enterprises won't try and use this?  See point three above.  If they can they will. (hat tip to @srkirkland)

Unlike a lot of developers, I don't have the 'I'm a professional developer and I write code so I think drag'n'drop tools suck."  I am not like that.  I am a pragmatic guy.  I use simple tools for simple organizations' simple problems all the time.  But I go in knowing that the solution has a limited lifespan.  Honestly, the tools that are coming out today won't be used like that.  They will be used like Infopath and Access, to write LOB applicaitons that will become essential, and then go stale and have to be rewritten in a hurry.

These kinds of IDEs lead to the kinds of practices that lead to failed IT strategies.  Consider carefully before using them.

Modeling the ‘exactly one of several collections’ case in EF and M

For a long time, I have used the ‘totally unique’ power of the Guid to design the ‘exactly one of several collections’ problem in my databases. The Zen case is that of the container in an inventory management system.  The container can be on exactly one of the collection of stores, or exactly one of the collection of trucks, or exactly one of the collection of warehouse locations.  I can’t, in any case, be in two locations, or no location.


How I usually implement this is to have a single LocaationId in the Containers table that is of type GUID, and is a foreign key for the TruckId, StoreId or WarehouseLocationId.  Since Guids are globally unique I don’t have the worry about a duplication between tables.  Effectively, the Stores, Trucks and WarehouseLocations tables have an implicit uniqueness constraint, which I can enforce in code if I am getting really squirrely.

I was pleased to see that Entity Framework 4 handles this well.   A “Model from Database” command puts up an entity model that looks strikingly like our domain model diagram.



All I have to do here is alter the navigation properties to show a single location, but that pass back either a store, truck or warehouselocataion, based on maybe a simple Location interface.  Good enough.

Where I was curious is in learning how M will handle this design.  As it turns out, not as well. I ran the “Model from Database” and got this:

module dbo
    export WarehouseLocations, Stores, Containers, Trucks;
    WarehouseLocations : {({
        WarehouseLocationID : Guid;
        Aisle : Integer32;
        Shelf : Integer32;
    } where identity WarehouseLocationID)*};
    Stores : {({
        StoreId : Guid;
        StoreNumber : Text where value.Count() <= 16;
    } where identity StoreId)*};
    Containers : {({
        LocationId : {
            StoreId : Guid;
            StoreNumber : Text where value.Count() <= 16;
        } where value in Stores;
        ContainerId : Guid;
        Description : Text where value.Count() <= 128;
    } where identity ContainerId)*};
    Trucks : {({
        TruckId : Guid;
        VehicleCode : Text where value.Count() <= 16;
    } where identity TruckId)*};

Yeah, that wasn’t what I was looking for.  Somehow, the members of Store ended up as values of LocationID as an entity …. meh.  It’s CTP software, but it is worthwhile analysis.  Perhaps I’ll dig in and see if I can figure out how M came up with this after the weekend.

VS 2010 Tip: Select error dialog contents


Back in March when I was testing VS2010’s final versions, I tried to get the contents of a dialog box in order to look up an error.  It’s a small thing, but you can’t copy the contents of dialog boxes any more with the mouse.  I was bummed, so I submitted a Connect ticket:

“It is not possible to select the text in most dialog boxes generated for Visual Studio exceptions. For instance, when attempting to change the network mix in Web Load Tests, the dialog box refers you to a URL at for details on administration privileges required. However, it is not possible to select the URL and paste it into a browser.”

As I expected, I was told to go away, they were in RC and weren’t going to add a feature now.  That’s cool.

However, I just got an email from Neelesh on the Load Test team, and he points out that:

“As a workaround you can use "Ctrl_Insert" to copy message box text, paste in notepad and select URL. Kludgy workaround, i agree.”

Kludgy or not, it works great and I’ll use it.

My day-to-day tech


Since I have been back on the consulting bandwagon, around business types and not the same people every day, I have gotten a lot of questions about the tech that I carry every day.  I promised a few people I would blog about it, so here we are.


Here is my day to day tech.

The big laptop is a Toshiba Tecra M7.  It is the best laptop I have ever owned.  It’s it a tablet, and generally rocks.  However, Toshiba won’t support Windows 7 on it, so it runs too hot and won’t wake up properly from hibernation.  Considering going to Windows Server.

The e-reader to it’s left is a nook.  The nook is the best overall e-reader on the market.  It has a soft keyboard, and flexible, Android-based display.  The whole OS and rendering system can be replaced with a Micro-SD card.  Barnes and Noble does a great job supporting it.  It might not have been ready for market when they launched it, but it was always the best out there.

Above that is my Texas Instruments Chronos ez430.  It is a programmable watch.  It has a MSP340 microprocessor, and comes with a wireless interface and pinning for a usb adapter.  You can do neat stuff like change your PowerPoint slides, or measure your sensei’s punch speed with it.

To it’s right is my IronKey.  This is a USB drive, 4 gig, that is waterproof and hardware encrypted.  If you fail to enter your password 10 times, it destroys itself.

Next is the Nexus One.  This is by far the best device, let alone phone, that I have even owned.  It is a Android based slate similar in form factor to an iPhone, but I think it has a lot less suck.  (I know everyone loves the iPhone, it’s like a puppy.  I think it is unusable.)

Hmm, what’s next.  Oh, my Wand Of Business Analysis +4, otherwise known as a livescribe pen.  Basically, everything I write on the special books that I get for it gets moves to my laptop for later analysis.  Also, everything that is said while I am writing is recorded, in time with the writing.  So if I need to know what a customer said while I drew that diagram, I just click on it and the recording starts there.

Finally, a walkman.  Yes, I said a Walkman.  It’s a 8 gig Sony Walkman MP3 player.  Why?  Lots of reasons.  I don’t like to kill my phone battery running music.  I use it as a radio.  I can feed the music to my car.  I have it sync to my desktop to get podcasts.  And it is light, cheap, and if I destroy it by accident I can get a new one with my Best Buy Silver Reward points.

So there we have it.  Years of geeky research and gadget dependency reduced to a blog post.

BigInt not recognized in an Access 2007 ADP

Anyone who has read my blog or twitter feed, or worked with me, or drank with me, or been in the same room with me for longer that ten minutes, all know that I do not approve of using Access as a business-class development platform.  The technical debt that it creates is not worth the effort, and you end up depending on a software package that is better suited to tracking your recipes than your HR paperwork.

That said, there are some solutions that are well suited for Access, and one of them is form-filling.  In this example, we have an HR department that is required to fill out a form that uses some SQL Server-accessible data, and some entered data.  The resultant paper form has to match a template exactly.

This is the kind of solution that VSTO is actually very good for now, but VSTO wasn’t a reality when the solution was developed, so I give them a break there.  Since the only other real option is to build out a full windows application just to print one form, or to save off copies of Word documents, Access is a decent solution here.

Anyway, back to the problem at hand.  I need to add some fields.  The application is an Access 2007 ADP upgraded from Access 2003, and uses data from a SQL Server 2005 database.  I shift-double-click to enter the editing form.  As I right click on the table to enter design view, I get a surprising error:


If you can’t read that, the text says:

"Table 'table_name(dbo)' could not be loaded.

The table being loaded into memory has a user-defined data type ('bigint') that is not recognized.

Close all your open database diagram and table designer windows.  The new data type will be recognized when you re-open the diagram or table designer."

Needless to say, when I close all open windows and re-open them, the problem is still there.

So, usually when I blog about a problem, I have a cool fix.  This time, not the case.  I posted to the partner support forums and got this response:

“Based on my test, I was able to reproduce the issue on my side, if I create a table in SQL directly and open the ADP file associated with the database I see exact same error message when I try to design the table in Access.

create table a1 (id1 bigint primary key)

Also, if I try to create a new table from Access, I cannot find "bigint" in Datatype options.

It seems to be a limitation or issue in Access that it doesn't support bigint in design view though the tables work as expected in other functions.”

That’s kind of a shock: it’s actually a bug in Access 2007.

Anyway, I ended up dropping the table and re-importing from SQL Server which worked fine, BigInt and all.  I have a response in to them as far as finding a better solution, and I wonder if using an ALTER TABLE query might work.  Maybe I’ll roll back and try that.  I’ll post any update here.

SQL Modeling talk at the Central Ohio Day Of .NET

Thanks to Mike Wood and others for asking me to give my SQL Modeling talk at CODODN.  Events like CODODN are important, because they bridge the gab between local events and the larger regionals like CodeMash.  Smaller groups sometimes mean better hallway conversations and the like.  Kudos to all those who participated in getting this together.

Anyway, here is the solution ( (2.65 mb)) from my talk.  No slides for this talk, just a little talking and a lot of coding.  Get the bits from the SQL Modeling Website, and make sure you have SQL Express 2008 installed.

 Thanks to all who attended; good questions and insight.

New lockpicking book coming out by the guy who taught me

Deviant Ollam, the guy who taught me (and Gabrielle) how to pick locks at Defcon 15, has a new book out, Practical Lock Picking: A Physical Penetration Tester's Training Guide.  I recommend that everyone get a copy, without ever having seen a page of it.  Fact is, Deviant has a passion for teaching - and not just lockpicking.  He is a wealth of information and a guru of many topics.  What's more, he is so very good at expressing them. 

Anyone who has been to Columbus L.I meetings and seen me to an intro presentation knows that I use DOs Intro to Lockpicking deck that he gives at Defcon.  His site,, is a wealth of information.  His presense at the carious hacker cons has done more to spread locksport than most.

If you have an interest in physical security, I pre-recommend this book.  Too bad Syngress did it, and I wasn't allowed to write Lockpicking for Dummies.  Oh well.

Bill Sempf

Husband. Father. Pentester. Secure software composer. Brewer. Lockpicker. Ninja. Insurrectionist. Lumberjack. All words that have been used to describe me recently. I help people write more secure software.



profile for Bill Sempf on Stack Exchange, a network of free, community-driven Q&A sites