<2004 October>
SunMonTueWedThuFriSat
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456

On this page...

Search

Links

Member of...


ASP Insiders

MVP Visual Developer ASP/ASP.NET

Enter CodeZone

Blog Categories

Microsoft

Blogroll

Deutsche Resourcen

Management

Sign In
 

#  Sunday, 17 October 2004

Michael Howard has an interesting blog entry on the number of advisories for IIS 6 versus the number of advisories for Apache 2.0.x (advisories that are security-relevant, in case you are wondering). This doesn't make Apache look that good after all.

Categories: IIS | Security
Sunday, 17 October 2004 19:10:02 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Saturday, 16 October 2004

Brian Goldfarb has the details in his blog on Making the ValidatePath HTTP Module easier to deploy. (remember, the canonicalization issue with ASP.NET)

Categories: ASP.NET | Security
Saturday, 16 October 2004 11:30:08 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Friday, 15 October 2004

Another MSR (Cambridge) project: The goal of the Samoa Project is to exploit recent theoretical advances in the analysis of security protocols in the practical setting of XML web services. Some early outcomes of this research include an implementation of declarative security attributes for web services and the design of a logic-based approach to checking SOAP-based protocols.

Even if this doesn't sound interesting to you, the site sports a really great resources section with lots of article links, security topics, bloggers and columnists, resource hubs and more. If you are working with Web Services, check this site out!

Categories: .NET | MSR | Security
Friday, 15 October 2004 10:04:38 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Thursday, 14 October 2004

From the Download Site: The Mobile Application Development Toolkit provides all the resources you need to start building mobile applications for Smartphone and Pocket PC devices.

The kit includes:

  • Windows Mobile Development Guided Tour
  • QuickStarts
  • Hands-on Labs
  • Technical Articles
  • Business Success Stories
  • Information about Developer Tools and SDKs
  • Software and Special Offers
Thursday, 14 October 2004 12:31:06 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Wednesday, 13 October 2004

Good to see that Virtual PC 2004 Service Pack 1 is finally available for download. It includes performance improvements for XP SP2 machines (!) as well as fixes - check out the readme for details.

Categories: this | Virtual PC
Wednesday, 13 October 2004 10:45:35 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Monday, 11 October 2004

The last week was slow with regards to book reading, too many things got in the way (including good weather for race cycling, which is rare in October here - I already have winter tires on my car...). Peopleware by Tom DeMarco and Timothy Lister nonetheless was a highly interesting read; you get prescriptive advice, which can be start for you on a project or even a higher level.

They are also talking about a topic close to my heart: teamicide - I have seen that way too many times myself. They present a list of sure-fire "techniques" to inhibit formation of teams and disrupt project sociology:

  • Defensive management
  • Bureaucracy
  • Physical separation
  • Fragmentation of people's time
  • Quality reduction of the product
  • Phony deadlines
  • Clique control
  • Those damn posters and plaques
  • Overtime: the unanticipated side effect

Agreed, 100%. Experienced, 100%.

Categories: Books | Project Management
Monday, 11 October 2004 08:31:23 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Friday, 08 October 2004

MS has updated What You Should Know About a Reported Vulnerability in Microsoft ASP.NET with information on the Microsoft ASP.NET ValidatePath Module. This module essentially does what the recommended global.asax fix does - on a machine-wide level. The advantage? Only one install per machine, no developer who could forget to implement the fix, and it also works for applications for which you only have the compiled site. Running on this very Web server.

Categories: Administration | ASP.NET | Security
Friday, 08 October 2004 07:38:04 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Wednesday, 06 October 2004

Early Tuesday morning last week, I already had a blog entry up with exactly that title. However, I took it down because Scott Guthrie did ask to buy some time for his ASP.NET team which was already working on a fix for the zero-day exploit reported on NTBugtraq. I changed my entry to Two of the most important security mailing lists, an article containing useful advice– especially programmers are usually not subscribed to these lists, and this I consider to be bordering on irresponsible these days.

To get back to the security bug in Forms Authentication: the ASP.NET team has posted a KB article and a security alert. Turn to implementing the workaround options immediately!

An IIS best practice using URLScan for the backslash canonicalization issue found in ASP.NET was brought up independently by Stephan on our German ASP.NET mailing list last Tuesday. Too bad that we had to advise lots of people to install a tool that was readily available for years!

Bootnote: Hadn’t it been a security vulnerability for ASP.NET, I would have never even considered taking my blog entry down (the ASP.NET team is just absolutely fabulous and their support for the community rocks). I flat-out do not believe that one helps the good guys by not telling them about publicly known zero day exploits (NTBugtraq isn’t just any mailing list after all, and shooting the messenger never was a brilliant solution). This is why the German ASP.NET community knew about the sploit before 7:30AM CET on Tuesday. Even if we hadn’t found a workaround, disabling vulnerable sites would still have been a much better choice than being hacked without knowing.

Categories: ASP.NET | Security
Wednesday, 06 October 2004 07:28:25 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Monday, 04 October 2004

I had mentioned Paint.NET earlier here, but now version 1.1 is released which has even more exciting features, of which I picked a few ones:

  • New Effect: "RotoZoomer" which can perform arbitrary angle rotation, and zooming.
  • Layer Properties now visually previews and updates all properties in real time without having to press the "Apply" button.
  • Invert and Desature are put into the Image -> Adjustments menu, along with a new adjustment called "Brightness & Contrast."
  • User interface upgraded to make full use of XP themes. In v1.0, many dropdown boxes and "updowns" had a Win2K/OfficeXP look to them.
  • Extensibility! After you install the program, check out the "RotoZoomerSource.zip" for an example of how to write an Effect plugin. You will need Visual Studio 2003 .NET to write a new plugin. No other types of plugins are supported for v1.1.

Like last time, full source is provided too (which has lots of tweaks and refactorizations). Read more and download

Monday, 04 October 2004 08:02:41 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Sunday, 03 October 2004

With all the hoopla about VS.NET 2005 and SQL Server 2005, people sometimes forget that we still have to solve problems using today's technologies. The SQL Server 2000 Full-Text Search Deployment White Paper is a document that helps you better understand a technology that is already out there, focusing on the following areas:

  • The hardware and operating system requirements for efficient full-text
    search performance.
  • Full-text search architecture.
  • Full-text search administration.
  • How to monitor full-text search performance.
Categories: SQL Server
Sunday, 03 October 2004 18:22:28 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



© Copyright 2017 Christoph Wille

newtelligence dasBlog 2.3.9074.18820
Subscribe to this weblog's RSS feed with SharpReader, Radio Userland, NewsGator or any other aggregator listening on port 5335 by clicking this button.   RSS 2.0|Atom 1.0  Send mail to the author(s)

 
Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.