Busy day in open source land for me - after releasing a .NET USB library earlier today, we now finally were able to release the book "Dissecting a C# Application - Inside SharpDevelop" as a free ebook! More than 500 pages of information (architecture and code) on a real-world application written entirely in C#.

The book was originally published (January 2003) by Wrox Press, which went under shortly after the book's release. With all three original authors (Christian Holm, Mike Krüger, Bernhard Spuida) agreeing, I worked with Gary Cornell from Apress to release the book to the general public for free - and I am more than happy to announce this event today! Thanks Gary, you have been really, really forthcoming - and wow, we made it happen before Christmas.

September 13 – 16, 2005 with Pre-conferences September 11 and 12 in the Los Angeles Convention Center, Los Angeles, CA. PDC 2005 Site

Today we released yet another open source project: #usblib (SharpUSBLib). The history for this project is quite similar to many other OS projects ("scratching an itch"): Mike built a terrarium for his soon-to-be-delivered chameleon, and he wanted to manage the ligthing using a USB-controlled power switch. Not having found a suitable USB library for .NET, he decided to write one himself.

The library is used for low level access to USB devices, and it works under WIN32/.NET and Linux/Mono. Documentation can be found in the wiki, a support forum also exists. The download includes source code for this dual-licensed (GPL and LGPL) library.

Not strictly a programming security topic, but useful nonetheless: Attack and penetration testing is a set of techniques and methodologies to test compliance to security policies, and to detect previously unknown vulnerabilities. The overall goal is to limit the points of exposure and to restrict the ability of unknown attackers to gain entry. However, developing an effective attack and penetration testing team presents unique management challenges. This discussion gives some best practice advice and lessons learned from the Microsoft IT experience building and operating an internal attack and penetration testing team. Download

There is a new hands-on lab for Web Services Enhancements 2.0: Learn how to secure Web services without writing code. Sample code is provided for both C# and VB.NET, so it should fit almost everyone.

Using WSE 2.0? Get SP2. Dont't know what WSE is? Here is a quick overview from the download page:

WSE 2.0 SP2 simplifies the development and deployment of secure Web services by enabling developers and administrators to more easily apply security policies on Web services running on the .NET Framework. Using WSE, Web services communication can be signed and encrypted using Kerberos tickets, X.509 certificates, username/password credentials, and other custom binary and XML-based security tokens. In addition, an enhanced security model provides a policy-driven foundation for securing Web services across trust domains. WSE also supports the ability to establish a trust-issuing service for retrieval and validation of security tokens, as well as the ability to establish more efficient long-running secure communication via secure conversations.

Ok, I was convinced to release my current development bits to the general public for public criticism. A PDF document accompanies the download. Make sure you read that first before installing, because installation is rough to say the least (developer friendly, but not end user compatible). But judge for yourself.

Now for the more interesting part: source code is included! This nice registry editor is open source, licensed under the GNU General Public License (GPL). I hope that it can serve for more than just a bad example of how not to do things on a Smartphone . Count on me for documenting the pitfalls and stumbling blocks that I magically wasn't able to avoid.

So without further ado, here is the download. If you want to read up on the history of the project, simply dig into the Smartphone / PPC category of this blog.

Need a ViewState Decoder? Want to view the ASP.NET security context? Generate a machine key? Trying to understand the ASP.NET pipeline? Or looking for a password minding application? All this plus more can be found for free on this page.

TheServerSide.NET has a nice satire online: Top 10 Things to Be Thankful for in .NET (Flash link). My favorite is "6. Object Orientation in VB.NET - For showing VB6 Developers that what they were doing before wasn't OO. Not even close."

Apress has a section titled Alpha and Beta Books. There you can read "first drafts" (alpha) as well as "shipping real soon now" (beta) chapters of upcoming book releases. You will find a wide range of book topics on the aforementioned page. Currently interesting to us in the .NET camp are the chapters for the Test Driven Development (TDD) book.