<2006 December>
SunMonTueWedThuFriSat
262728293012
3456789
10111213141516
17181920212223
24252627282930
31123456

On this page...

Search

Links

Member of...


ASP Insiders

MVP Visual Developer ASP/ASP.NET

Enter CodeZone

Blog Categories

Microsoft

Blogroll

Deutsche Resourcen

Management

Sign In
 

#  Sunday, 03 December 2006

The Feature Specifications for Visual Studio and .NET Framework "Orcas" page has a document on it entitled Get Latest on Check Out. The reason I bring this up is that I had been asked during TechEd in Barcelona at the ATE booth (by a fellow ATE) whether the default behavior for Team Foundation Version Control (TFVC) - make the current version of the file in the workspace editable - can be changed to get latest first, then make editable. 

The problem that prompted the question is that more often than not, a developer is likely to forget to do a Get Latest first and only then start editing. If forgotten, this can lead to unnecessary merge operations. The good news is that the feature will be available, the bad news is that it isn't today.

Categories: Team System | Visual Studio
Sunday, 03 December 2006 04:07:38 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Thursday, 30 November 2006
Brian Harry has posted a blog entry on the road ahead for TFS, even beyond Orcas.
Thursday, 30 November 2006 19:08:04 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 

Having Virtual PC 2007 Beta, the virtual machine additions for Linux Beta plus a disc of Ubuntu 6.10 Linux sitting on my desk simply proved irresistible to me. Thus: create new virtual machine, slide in the DVD, and off we go.

That was the plan until I hit a snag: on switching from text mode to graphics mode, the screen garbled. Wait! I had seen this before: the emulated graphics card of Virtual PC advertises video modes it cannot actually display. And I sorted it out previously and blogged about it in mono::live. So I did the Ctrl+Alt+F3 dance and pasted the script - presto!

Now for the VM additions - of course used to the Windows way of things, I simply mounted the ISO image. Nicely opens up in the File Browser, where the f*ck is a Run As command here? OK, switch to terminal, su (I have to admit that took me a while including pestering a friend because I had already forgotten all the gory details). To spare you the details, after some twenty minutes of fiddling I decided to take a deep breath and actually read (gulp) the README that comes with the Linux additions.

Setup prerequisites step number two caught my attention:

A kernel module of the Additions is built at compile time. So, the virtual machine should have the Linux kernel source and build tools installed

No way. The mention of operating system & compile yourself makes me cringe. Thank you, but no thank you. I will live without the additions. There is no friggin way I am doing the dance, I am way too old, and sorry, this is 2006. I don't need that "power of Linux" if all administrative usability goes out the window (Note: I am a developer, and especially because I am one I totally balk at the idea of having to compile my applications / drivers before I can use them - that is ridiculous).

Oh, one minor roadblock was easy to solve - the networking stuff. System / Administration / Networking and then enable the Ethernet interface:

Now on to exploring.

Categories: L-Word Stuff | Virtual PC
Thursday, 30 November 2006 09:52:30 (W. Europe Standard Time, UTC+01:00)  #    Comments [1]

 



#  Wednesday, 29 November 2006

Because I simply cannot remember which feature is in which edition of Windows Vista, I searched the Web to come up with a couple of useful feature comparison matrixes to back up my memory:

Update And of course the Windows Vista Product Guide.

Categories: Vista
Wednesday, 29 November 2006 16:01:30 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 

I have been promoting this tool more than once on this blog, so this time just the download link for version 2.1.

Categories: Cool Download | Security
Wednesday, 29 November 2006 09:33:58 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Wednesday, 22 November 2006

I admit it: I am a regular reader of the event log. In doing so, I came across an error message last week that I rarely get to see - invalid Viewstate:

Now, that wouldn't be a problem, usually at least. However, in this special case I went WTF? when I looked at the description more closely, especially at the PersistedState information:

PersistedState: a
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Mailer: EMUmail 4.5
Subject: jam n
bcc: <list of addresse removed by me />
comes from the loin in the middle of the back of the pig. t is a lean meaty 
cut of bacon, with relatively less fat compared to other cuts. iddle bacon
is much like back bacon
 
 
 
daa6c5071189f202ceb370d0e9d38c33
.

Come again - spam in Viewstate? What would be the point of this? After some research together with Alex I came across this article: Interesting Crack Attempt to Relay Spam (a more detailed article is available too: Form Post Hijacking). How did I manage to not take notice of this attack vector any earlier I don't know, but I have to admit that the idea is pretty clever.

Counter-measures in general? Well, either don't allow users input in the headers at all, or vet the form fields for carriage return / line feeds. Note that I did not verify if any of the available mail components for .NET would be actually susceptible to this kind of attack.

Categories: ASP.NET | Security
Wednesday, 22 November 2006 09:47:35 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Tuesday, 21 November 2006

At next year's VSone in Munich (a German developer conference taking place in February), I will be doing three talks:

  • Visual Studio 2005 Team Edition for Database Professionals
  • User Account Control (UAC) in Your Applications
  • Advanced Code Access Security (CAS)

Two security topics, one team-development focused. See you in Munich!

Tuesday, 21 November 2006 16:21:21 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Monday, 20 November 2006

I already talked about the virtualization features of Windows Vista in a previous blog post entitled UAC Redirection 4 Fun & Profit. Today, I want to tackle the file redirection that happens when UAC virtualizes your application and you try to write to a location it monitors - like the Program Files directory:

This command prompt was started with Run as Administrator (the window title hints at that). I was UAC-prompted, and then could go about my business. Not so if I would be running it unelevated:

It tells me that I don't have access. Right, not a big surprise, but why didn't virtualization kick in for cmd.exe? Because it is off by default for the command line. How can I turn it on? Well, easy. Go to Windows Task Manager

Add the Virtualization column

After a bit drag & drop magic I made it the second column and I can see which application is virtualized or not. And sure enough, cmd.exe isn't. Right-clicking allows you to change that:

You will be warned that this will possibly affect the running application, but go ahead. And then try again to write to the Program Files location:

This time I can write to Program Files - wait a second, really? No, it of course went to the virtual store for this user account:

As you can see, it lives next to files from a heck a lot of applications that wanted to write to somewhere (like system32) where they didn't have access to - but virtualization (on by default for applications except those opting out explicitly) took care of the disk operations and redirected them to the virtual store. Note that a well-written application (ie one that doesn't require administrative rights) wouldn't show up here...

Categories: Security | Vista
Monday, 20 November 2006 08:03:43 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



#  Friday, 17 November 2006

The versions 4.1 of MSF for Agile Software Development Process and MSF for CMMI Process Improvement contain updated guidance for Data Dude (VSTE for Database Professionals). In addition to this, be sure to check out David Anderson's interview on Channel9: Thoughts on Visual Studio Team System and "Dark Matter" Iteration Forecasting. In this interview, he is talking about MSF backgrounds, and why he is interested in scaling agile to the enterprise level - and he has a new blog post up on this very topic. So if you are interested on why the software 'guys' should be playing on the team, be sure to check out the interview, really great background information in there (oh, and don't miss out on the lean project management slide deck).

Friday, 17 November 2006 21:03:58 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 

Another week, another ATE (Ask the Experts) assignment. Aside from the keynote, I got around to watching to these sessions:

  • ARC202: Design for Operations using VSTS and MOM 2005
  • DAT309: SQL Server Analysis Services 2005: Integration with 2007 Office System
  • WCL403: Windows Vista System Integrity Technologies
  • CSI401: Microsoft.com Operations: Solutions for Highly Available and Secure Web Sites
  • MGT310: Microsoft System Center Essentials (SCE): Technical Overview and Drilldown
  • ARC301: Microsoft, Open Source and Interoperability
  • INF303: How to Virtualize Infrastructure Workloads
  • IAM403: Monitoring Active Directory (AD) Security with MOM 2005
  • MGT320: Using Application Virtualization to Decrease Your Application Management TCO
  • DAT401: SQL Server Always On Technologies: Disaster Recovery Strategies for Isolated Damage and Human Error
  • SEC402: Securing your Certification Authorities (CAs) Private Keys
  • WCL402: Windows Vista Kernel Changes
  • CSI303: Building a Custom Log Analysis Solution with Log Parser 2.2 for Internet Information Services (IIS) 6
  • DAT402: SQL Server 2005: Advanced Indexing Strategies
  • MGT311: Performance Modelling: A Powerful Tool for Planning Deployments

The dud-of-the-week award goes to IAM403 which didn't live up to its level. Enjoyable as ever was Steve Riley in his security sessions. I didn't get around to watch "Windows Vista User Account Internals" by Mark Russinovich because of ATE duty, but will do so once the conference DVDs turn up in mail!

Friday, 17 November 2006 15:42:12 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]

 



© Copyright 2017 Christoph Wille

newtelligence dasBlog 2.3.9074.18820
Subscribe to this weblog's RSS feed with SharpReader, Radio Userland, NewsGator or any other aggregator listening on port 5335 by clicking this button.   RSS 2.0|Atom 1.0  Send mail to the author(s)

 
Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.