It's been quiet on this blog recently, one reason being that it is conference season again. Last week, I was in Munich for VSone, where I did three talks:

• LINQ to SQL
• ADO.NET Entity Framework
• ADO.NET Data Services

At this very moment, I am at the airport in Frankfurt waiting for my flight back from the ready.for.take.off Visual Studio 2008 / Windows Server 2008 / SQL Server 2008 launch event here in Germany. It was the biggest developer event in Germany so far (7000+ conference participants), and Microsoft gave away quite a nice package of software: VS Standard, TFS with one CAL, Windows Server 2008 Enterprise with 5 CALs plus a voucher for SQL Server 2008 that will be available later this year.

I was staffing ATE (Ask the Experts) at this event, initially for IIS7. However, we were very pleasantly surprised that the attendees showed great interest in TFS / VSTS, so I switched duties to that area (VSTS / TFS is a growing business for me as I do training and consulting for those products). Hopefully this free license will trigger more adoption because Team System is such a great tool!

Yesterday, we found ourselves at the receiving end of an attack against one of our German Wikis that are running the ScrewTurn Wiki software. Turns out that it was a security issue even with the then latest version 2.0.23. Dario Solera - the maintainer of ScrewTurn - acted real fast when I informed him about the root cause of the attack and released v2.0.24 yesterday night.

Please download and upgrade immediately! The issue is being actively exploited (zero day if you so will).

TechEd Developers 2007 is over, and before moving on (and flying back to snow in Austria), here is the list of sessions I attended this year:

• TLA201 - A Tour of Visual Studio 2008 and the .NET Framework 3.5
• OFF401 - .NET Developers Advanced Introduction to SharePoint 2007
• TLA324 - What's New in Team System for Software Testers
• SEC301 - CLR Security in .NET Framework 3.5
• DAT201 - Entity Framework Introduction
• WEB401 - Building Highly Scalable ASP.NET Web Sites by Exploiting Async Programming Models
• TLA304 - Building Services with the Service Factory: Modeling Edition
• DAT303 - Entity Framework: Application Patterns
• TLA305 - Continuous Integration With and Without Team System
• TLA307 - Improving Code Performance with VSTS 2008 Team Edition for Software Developers
• DAT304 - Managing Unstructured Data in SQL Server 2008: Introducing the FileStream Datatype
• TLA403 - Loose Coupling in Practice: CAB in the Real World
• ARC401 - Designing High Performance, Persistent Domain Models
• TLA407 - Dealing with Concurrency and Multi-Core CPUs with Today's Development Technologies
• SBP307 - Modeling and Composition of Applications
• TLA319 - The Joins Concurrency Library
• TLA405 - Parallel and Async Functional Programming on .NET with F#
• WEB403 - Securing your High-Risk ASP.NET Web Applications - A Case Study

Compared to last year, I managed to attend more sessions, however, there were also more duds. The last session (WEB403) turned out to be the one that earned the raspberry this year (a close runner-up: TLA403). Coming out on top I decided to nominate three: OFF401, TLA307 and DAT303.

I got myself an eval kit for RSA SecurID tokens to see how easy / hard this would be to deploy via AD. Well, I didn't get very far, that is, installation failed spectacularly in the early stages:

After this "helpful" message box setup decided to be more specific:

Ohh-Kay. Let's go to RSA and their support center (it takes roughly five clicks to get to online support, but that's another usability story) - sign in required. Hmmm. How about creating an account?

The eligibility is a real joke: "RSA customers who have a trial product (This does not include two user demos)". Excuse moi? On the Web site you told me that I was ordering a trial and in actuality it turned out to be a "2-User Promo Kit" (the moment I needed support I looked more closely on the package...) without support.

Maybe it's the Microsoft Windows Server 2003 R2 Enterprise Edition VHD I am using?

"The Sony Ericsson Update Service for Windows Vista™ will be available for download on www.sonyericsson.com/updateservice in September." You ain't serious, right? This is more than annoying simply because I don't have a single computer with XP any more - not that SE software ever worked on XP either.

On May 10^th, we recorded the interview on SharpDevelop that is now live on .NET Rocks. The interview starts around minute ten in this show. I tried to give some background on project history (if you really, really want all the details: look here), some of its features, where we stand today in comparison to VS Express, what's up next (hint: version 2.2 end of this month), and what the near future holds for SharpDevelop.

After the interview I realized that I mentioned most devs only by their first name, which happens if you are part of the team for nearly seven years! Therefore, I'd like to formally apologize for any confusion this might create and point to the development team page on our Wiki. There, you will find Daniel Grunwald (current technical lead), Mike Krüger (project founder now working for Novell on MonoDevelop, read an interview with Mike), Matt Ward, David Srbecky and the many others who make and made SharpDevelop the #1 open source IDE for .NET. Thanks guys!

A couple of links in closing: Download Wiki Forum

Tuesday June 19th I will be doing two sessions on IIS7 - administration and programmability.

Today marks the offical day of me switching from Eudora to Outlook 2007. I have been a long-time fan of Eudora, and it served me well over the years (oh glory days when my mail program plus mailboxes did fit on a single diskette).

With Eudora being end of life, I had to make a decision which mail client I will be using in the future - and I have to say that every single one had its moments (ever enjoyed the fun of querying multiple mailboxes on the same mail server in Thunderbird?).

So long, and thanks for all the fish.

A couple of notes to self:

• Creating a CSR (the short version)
• How do I generate a certificate request? (more detailed if you want to change RSA key lengths which I would recommend)
• Contents of .pem file for Stunnel

The latter is especially important if one fails to grasp how to turn the private key plus the certificate into the .pem for Stunnel. By the way, I was using CAcert. That works just fine for internal email servers.

I have one drawer of CD / DVDs that I haven't GCed in years - and possibly won't ever. That stuff is really a trip down memory lane. For example:

In addition to the agenda for Web TechEd 1998 (the only one ever) I also still have the post conference CDs plus it's accompanying system requirements correction letter: 486 or higher and 8mb of RAM.

Speaking of hardware requirements, here is another goldie:

Chicago SDK Kit, May 1994.

There's a lot more old stuff in this drawer, and I am not going to clean it out!

Today, I uploaded a preview of version 2.0 to CodePlex. There are two big ticket new items in comparison to version 1.3:

• Plugin support The TFS checkin policy only tests for existence of code comments. For many applications, this is just fine. However, sometimes you also want to test for completeness of comments (i.e. a refactoring "broke" the documented parameter list). In this case you can use the new extensibility API, which comes with two sample plugins in the cccplibcontrib project. The API allows you to select which checking you want to override or complement, and you get full access to the parsed source file just like the stock implementation ("abuse" for non-code commment checking purposes obviously possible too). If you come up with a cool plugin, be sure to contact me for inclusion into the contrib project!
• MSBuild task This build task lives in cccplib, which is entirely independent of TFS or VSTS (it was written by Matt Ward). Therefore, you can use it eg with CruiseControl.NET or simply as part of the local .*proj files. What's the purpose of this build task anyways? Simple: as part of the build, you get information on "code comment coverage", just like you do with let's say code coverage and unit tests. Currently, you only get an XML file with the report - if you are XSLT-savvy and want to contribute a HTML report transform, let me know!

To get an overview what v2 looks like, how to configure it, etc you might be interested in this demo screen recording.

I have been doing some sprucing up of SharpDevelop's Web offerings today - namely the code converter. Up until today, you only could convert syntactically valid classes. Recently, Daniel implemented the SnippetParser class, which is now in use for the snippet converter (C# to VB.NET, VB.NET to C#). Note: the Web service for code conversion does support both class and snippet conversion, a Windows client sample is available for the former.

Also new (just completed a few minutes ago) is the code formatter: it uses the highlighting engine from SharpDevelop's text editor to HTML-ize a bunch of formats: ASP/XHTML, BAT, Boo, Coco, C++.NET, C#, HTML, Java, JavaScript, Patch, PHP, TeX, VBNET, XML. Again, there is a Web service available, as well as a sample using the service. This offering is built upon the HtmlSyntaxColorizer sample that can be found in SharpDevelop revisions > 2522 (currently only on the build server)

I am sure that both the snippet converter as well as the code formatter are welcome additions. Spread the word! After all, it's free.

Fiddler is a HTTP debugging proxy. Although it is easy to use (a very good thing!), it is also very powerful. Point in case and why I am writing about it today is that I stumbled across a drive-by-download site (stumble is the wrong word, the URL came with what seemed like a phishing mail and that piqued my interest):

That site is actually quite clever though: when you go there the second time, it detects that it tried to infect you before and tells you that your IP is blocked. And it doesn't send a peep to a browser other than IE. Plus - and that takes the biscuit - it also verifies the referer.

But I still wanted the code, so I reset my router and started Fiddler:

Although Fiddler has tons more features, this did the trick for me in this case (if you want to learn what Fiddler can do, look here).

So what's the obfuscated script about? The short version: it is a variant of the ASUS download server drive-by download incident. The actual code can be found in a discussion on our German .NET community site here.

...doesn't necessarily yield what you are looking for as the first result:

Especially #1 I would rate as misleading and advertising that leaves a very bad taste in the mouth.

For the past couple of years, I had been using SharpReader - today, finally, I switched over to FeedDemon. It simply is faster, especially at the number of feeds I have subscribed.

I have been re-awarded MVP for Visual Developer ASP/ASP.NET.

You will have to wait till next year to get this (and more) new functionality for the Code Comment Checking Policy. For example, a WiX-based setup:

Also in the box now: version information to easily see which assemblies are currently in use when you are adding the policy:

Also, there are a few changes to the configuration of the policy. Note that this will require you to remove & add the policy back to the team project's source control settings. The new defaults are the same values as the previously hard-coded configuration:

So check back next year!

Two weeks ago, during this year's AspInsiders summit, I got ahold of a 1982 (!) copy of "The Soul of a New Machine" at Half Price Books. I still have to decide whether the equally ancient Continental boarding pass DEN-SEA used as a bookmark will be kept too (I guess so), but the book is definitely worth your time - be it for a computer history lesson, or on the "signing up" concept and all other project management topics being touched on (without it being a pm book). The story in itself is more than fascinating, so although old by now, it does come highly recommended.

At next year's VSone in Munich (a German developer conference taking place in February), I will be doing three talks:

• Visual Studio 2005 Team Edition for Database Professionals
• User Account Control (UAC) in Your Applications
• Advanced Code Access Security (CAS)

Two security topics, one team-development focused. See you in Munich!