Now this is a cool sample - how to build a managed debugger. Some might say "So what?" but I think this is great way of getting a better understanding of the CLR and the workings of the debugging and profiling infrastructure of .NET.

Piccolo is a toolkit that supports the development of 2D structured graphics programs in general, and Zoomable User Interfaces (ZUIs) in particular. There are currently three versions: Piccolo.Java, Piccolo.NET and PocketPiccolo.NET (for the .NET Compact Framework). This makes it easy for Java and C# programmers, even those targeting PDAs, to build their own animated graphical applications with zooming, multiple cameras, layers, images, etc. Homepage

There are sample applications (mostly Java at the moment), and the download includes the source code of the library released under the BSD license.

This overview article at the SQL Server Developer Center provides a nice & quick rundown of new features for database development in Microsoft SQL Server 2005.

This month's issue of MSDN Magazine sports an article from Dino Esposito on the topic of script callbacks (read it). I consider script callbacks one of the cool features of ASP.NET 2.0, so be sure to check it out!

The Web Application Security Consortium has released a paper (PDF link) on threat classification. Its intention is to clarify and organize the threats to the security of a Web site. The goals of this project:

• Identify all known web application security classes of attack.
• Agree on naming for each class of attack.
• Develop a structured manner to organize the classes of attack.
• Develop documentation that provides generic descriptions of each class of attack.

Definitely an interesting read if you are concerned about Web site security.

Version 0.6 was released yesterday. IronPython is a Python implementation that works for both .NET and Mono, however, at the moment is only recommended for experimenting (a thing I really like doing) and not production. The most interesting thing about it in my opinion is that also the source code is included (released under the CPL, you know, the license Eclipse made popular).

There is a great article on linux.com (you didn't expect such a link here, did you?) titled SysAdmin to SysAdmin: It's the documentation, stupid! It is about a topic that is close to my heart: developers don't like writing documentation, and keep telling you (user) that the source is the documentation - which I couldn't agree with less, even if I am a programmer-user.

Now though this article is targetted at Open Source projects, you will agree that you too have seen less-than-stellar documented projects in companies (even yours), or you had to work with third party software whose documentation left to be desired. How did you feel when you had to find out how to achieve a task? Right.

Having this said, I'd like to offer a great starting point for writing technical documentation: quite some time ago, Bernd (de) wrote an article titled Technical Writing Made Easier, specifically targetted at programmers. Check it out.

A Channel 9 video where Anders Hejlsberg talks about the future of programming data in C# 3.0.

The MSR article Why It’s A Bad Idea For Stealth Software To Hide Files had me stumble across a project of MSR, Strider. According to the description, it is "a black-box, state-based, and component-based approach to systems management and diagnostics. The statistical data analyses that we produce and the infrastructures and tools that we build help users manage their systems today and help developers design new operating systems with better manageability tomorrow."

I really like the idea of Strider Ghostbuster that is outlined in the article - to convince you to read it yourself, I'll show the overview diagram of what Ghostbuster does (Figure 1. The ScanDiff approach to exposing file-hiding software [from the aforementioned article]):

Ghostbuster allows you to find rootkits, keyloggers and other malware that hides itself from plain directory listing. How is it done? Perform a directory listing on the infected machine (step #1), boot from a WinPE CD and scan again (step #2), and then compare the two scans (step #3). You'll see immediately what was hidden, and it takes only around 15 minutes to do this - absolutely neat!

Closing words: be sure to check out the References section of the article!

The book Improving Web Application Security: Threats and Countermeasures (online: Guidelines Corrections) can also be browsed via solutions at a glance. I've been recommending this book for quite some time in the German community, so why not plug it again (and hence start the Security section of my blog).