The November 2006 issue has lots of good security articles, which are available online too. Check out Security Habits, Threat Modeling (STRIDE approach), Extending SDL or SQL Security to name a few.

Last Tuesday, I held the talk "Advanced Code Access Security" at UG Styria in Graz. This talk was originally part of the MSDN Security Briefings held in Austria earlier this year, for which MS Austria had asked MVPs to help create and deliver security content. Advanced CAS seemed an interesting enough developer topic to re-run at user groups, and Mario (the author of this session) has allowed me to publish the slide deck and demos for the general public.

AdvancedCodeAccessSecurity.pdf (4542 KB)

AdvancedCAS.zip (599.6 KB)

Please note that I have published only demos four (setting CAS via setup) and six (using CAS in addin application) - those are the "completed" versions of the demos.

Today, I was asked whether there was a "real" difference between debug and release builds of a C# project - other than the PDB files. I didn't know for sure, so I set out on a search for more information, which turned up the blog entry debug vs. release in C#. The interesting part is the first comment by Josh Williams: "...the /debug[+|-] switch controls JIT optimizations <snip />. Disabling JIT optimizations is very useful for debugging purposes but will very much affect the runtime perf of an app as much of the optmization of your code is done by the JIT, not CSC..."

Now that definitely turns shipping a debug build to customers into a non-starter.

In case you were wondering why there is no new content on this blog - I am pretty busy, including preparing for my sessions at ADC06:

• Architecture Jumpstart 1 & 2
• Full-day VSTS / TFS Jumpstart

See you next week in Frankenthal / Germany!

Beta 1 of SharpDevelop2 2.1 is available for download. While I was putting together the annoucement for v2.1 yesterday, I realized that for a point release, we really managed to put in a lot of new cool features:

• FxCop Support
• Component Inspector
• WiX Support
• Incremental Search
• Code Navigation History
• List Data Sources in SharpReport
• XPath Queries
• Code Completion for Different Frameworks
• GoTo XML Schema Definition
• Targeting Different Frameworks
• Hosting of SharpDevelop in 3rd Party Applications

A couple of WOW features (for me, at least): Not only can you compile an application for different versions of .NET, you also get version-specific code completion support. Another cool one is that you can host SharpDevelop in your application, providing your application a "macro editor" (on steroids I might add) with full .NET support. And to pick a third, code analysis rounds out our professional offering in addition to code coverage as well as unit testing.

Two features did not make it for the Beta 1 announcement as they don't yet cover all the scenarios we are hoping for: integrated Subversion support (yeah!) and targetting the Compact Framework for Windows CE devices. Those slipped silently into this release.

As you can see, SharpDevelop is ever growing and the developers working on it can be rightly proud of their achievements!

Finally, a kind of "call to action": let us know what you think! Not only in our forums, but also in your blogs, communities, et cetera. We need your feedback regarding feature set, stability, and much more.

That's not very funny when all you try to do is watch a Live Meeting on another Vista feature on your Vista box (last time, I was saved this problem by LM on Vista not being able to connect to the audio stream). And I thought the last time I saw a system swap itself to death was on Windows 3.0...

In other Vista news - try this: right-click on a .zip archive of your choice, select the Open With... option from the context menu. In the dialog that pops up expand Other and choose Internet Explorer. Fun ensues. 

MWconn got a new homepage which is also available in English (here). What is MWconn anyways? Take a look at my short MWconn setup guide / introduction plus if you use a Merlin UMTS card on Windows Vista, my installation instructions for the U630.

Subversion 1.4 is available. The especially good news? Svnserve can now be run as a native Windows service (more).

EasyBCD is a must-have tool for Windows Vista to manage the new bootloader:

This is a whitepaper published by MS (download here). From the download page:

Gain valuable information about the concepts of social engineering within the IT security workspace. In section one, the guide provides a working definition of social engineering that can be used within a company's security policies and is meaningful to non-IT security staff. The guide describes the aims and objectives of an attacker and shows how social engineering, like hacking, is a threat to all businesses, not just enterprise or government institutions. The guide will also cover:

• Social engineering and the defense-in-depth layered model
• Social engineering threats and defense
• Online, telephone-based, and waste management threats
• Personal approaches
• Reverse social engineering
• Designing and implementing defenses against social engineering threats
• Developing a security management framework
• Risk management
• Social engineering in the organizational security policy
• Awareness
• Managing incidents
• Operational considerations
• Security policy for social engineering threat checklists