<2004 October>
SunMonTueWedThuFriSat
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456

On this page...

Search

Links

Member of...


ASP Insiders

MVP Visual Developer ASP/ASP.NET

Enter CodeZone

Blog Categories

Microsoft

Blogroll

Deutsche Resourcen

Management

Sign In
 

#  Monday, 18 October 2004

It has been a rather long wait for this SPV C500 Developer Edition. However, got it up and running in next to no time (maybe reading manuals does help after all); but I won't have too much time to tinker with it this week - I'm heading to the Connect event in Barcelona tomorrow morning.

You can rest assured that some kind of self-crafted SmartPhone .NET application source code will tip up on this blog once I have accustomed myself with CF programming on the 'fone' (sooner than later).

Categories: Smartphone and PocketPC | this
Monday, 18 October 2004 19:47:51 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 

The Security Risk Management Guide helps customers of all types plan, build, and maintain a successful security risk management program. The guide explains how to conduct each phase of a four-phase risk management program and how to build an ongoing process to measure and drive security risks to an acceptable level. This guide is technology agnostic and references many industry accepted standards for managing security risk. Download

 

Categories: Security
Monday, 18 October 2004 11:48:37 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Sunday, 17 October 2004

Michael Howard has an interesting blog entry on the number of advisories for IIS 6 versus the number of advisories for Apache 2.0.x (advisories that are security-relevant, in case you are wondering). This doesn't make Apache look that good after all.

Categories: IIS | Security
Sunday, 17 October 2004 19:10:02 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Saturday, 16 October 2004

Brian Goldfarb has the details in his blog on Making the ValidatePath HTTP Module easier to deploy. (remember, the canonicalization issue with ASP.NET)

Categories: ASP.NET | Security
Saturday, 16 October 2004 11:30:08 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Friday, 15 October 2004

Another MSR (Cambridge) project: The goal of the Samoa Project is to exploit recent theoretical advances in the analysis of security protocols in the practical setting of XML web services. Some early outcomes of this research include an implementation of declarative security attributes for web services and the design of a logic-based approach to checking SOAP-based protocols.

Even if this doesn't sound interesting to you, the site sports a really great resources section with lots of article links, security topics, bloggers and columnists, resource hubs and more. If you are working with Web Services, check this site out!

Categories: .NET | MSR | Security
Friday, 15 October 2004 10:04:38 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Thursday, 14 October 2004

From the Download Site: The Mobile Application Development Toolkit provides all the resources you need to start building mobile applications for Smartphone and Pocket PC devices.

The kit includes:

  • Windows Mobile Development Guided Tour
  • QuickStarts
  • Hands-on Labs
  • Technical Articles
  • Business Success Stories
  • Information about Developer Tools and SDKs
  • Software and Special Offers
Thursday, 14 October 2004 12:31:06 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Wednesday, 13 October 2004

Good to see that Virtual PC 2004 Service Pack 1 is finally available for download. It includes performance improvements for XP SP2 machines (!) as well as fixes - check out the readme for details.

Categories: this | Virtual PC
Wednesday, 13 October 2004 10:45:35 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Monday, 11 October 2004

The last week was slow with regards to book reading, too many things got in the way (including good weather for race cycling, which is rare in October here - I already have winter tires on my car...). Peopleware by Tom DeMarco and Timothy Lister nonetheless was a highly interesting read; you get prescriptive advice, which can be start for you on a project or even a higher level.

They are also talking about a topic close to my heart: teamicide - I have seen that way too many times myself. They present a list of sure-fire "techniques" to inhibit formation of teams and disrupt project sociology:

  • Defensive management
  • Bureaucracy
  • Physical separation
  • Fragmentation of people's time
  • Quality reduction of the product
  • Phony deadlines
  • Clique control
  • Those damn posters and plaques
  • Overtime: the unanticipated side effect

Agreed, 100%. Experienced, 100%.

Categories: Books | Project Management
Monday, 11 October 2004 08:31:23 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Friday, 08 October 2004

MS has updated What You Should Know About a Reported Vulnerability in Microsoft ASP.NET with information on the Microsoft ASP.NET ValidatePath Module. This module essentially does what the recommended global.asax fix does - on a machine-wide level. The advantage? Only one install per machine, no developer who could forget to implement the fix, and it also works for applications for which you only have the compiled site. Running on this very Web server.

Categories: Administration | ASP.NET | Security
Friday, 08 October 2004 07:38:04 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



#  Wednesday, 06 October 2004

Early Tuesday morning last week, I already had a blog entry up with exactly that title. However, I took it down because Scott Guthrie did ask to buy some time for his ASP.NET team which was already working on a fix for the zero-day exploit reported on NTBugtraq. I changed my entry to Two of the most important security mailing lists, an article containing useful advice– especially programmers are usually not subscribed to these lists, and this I consider to be bordering on irresponsible these days.

To get back to the security bug in Forms Authentication: the ASP.NET team has posted a KB article and a security alert. Turn to implementing the workaround options immediately!

An IIS best practice using URLScan for the backslash canonicalization issue found in ASP.NET was brought up independently by Stephan on our German ASP.NET mailing list last Tuesday. Too bad that we had to advise lots of people to install a tool that was readily available for years!

Bootnote: Hadn’t it been a security vulnerability for ASP.NET, I would have never even considered taking my blog entry down (the ASP.NET team is just absolutely fabulous and their support for the community rocks). I flat-out do not believe that one helps the good guys by not telling them about publicly known zero day exploits (NTBugtraq isn’t just any mailing list after all, and shooting the messenger never was a brilliant solution). This is why the German ASP.NET community knew about the sploit before 7:30AM CET on Tuesday. Even if we hadn’t found a workaround, disabling vulnerable sites would still have been a much better choice than being hacked without knowing.

Categories: ASP.NET | Security
Wednesday, 06 October 2004 07:28:25 (W. Europe Daylight Time, UTC+02:00)  #    Comments [0]

 



© Copyright 2017 Christoph Wille

newtelligence dasBlog 2.3.9074.18820
Subscribe to this weblog's RSS feed with SharpReader, Radio Userland, NewsGator or any other aggregator listening on port 5335 by clicking this button.   RSS 2.0|Atom 1.0  Send mail to the author(s)

 
Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.