<2006 December>

On this page...



Member of...

ASP Insiders

MVP Visual Developer ASP/ASP.NET

Enter CodeZone

Blog Categories



Deutsche Resourcen


Sign In

#  Tuesday, 12 December 2006

The most useful utility for deployment (or name your task, like directory comparison) is most decidedly Robocopy, which previously shipped only as part of the OS resource kits. Now with Windows Vista, however, Robocopy comes in the box.

To get up and running quickly, I recommend that you get Robocopy GUI:

It makes getting started with Robocopy a tad easier.

Categories: Administration | Vista
Tuesday, 12 December 2006 21:01:27 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]


This is the firewall settings dialog - much the same as we know it from Windows XP already:

However, once you fire up the management console (mmc.exe), you can add snapins for advanced firewall configuration (ok, IPSec is one of my personal favorites and not necessary to configure the firewall per se...):

Once you have done this, you can now configure the firewall like, well, an administrator would expect - rule based:

Categories: Administration | Security | Vista
Tuesday, 12 December 2006 20:46:50 (W. Europe Standard Time, UTC+01:00)  #    Comments [1]


#  Sunday, 03 December 2006

The Feature Specifications for Visual Studio and .NET Framework "Orcas" page has a document on it entitled Get Latest on Check Out. The reason I bring this up is that I had been asked during TechEd in Barcelona at the ATE booth (by a fellow ATE) whether the default behavior for Team Foundation Version Control (TFVC) - make the current version of the file in the workspace editable - can be changed to get latest first, then make editable. 

The problem that prompted the question is that more often than not, a developer is likely to forget to do a Get Latest first and only then start editing. If forgotten, this can lead to unnecessary merge operations. The good news is that the feature will be available, the bad news is that it isn't today.

Categories: Team System | Visual Studio
Sunday, 03 December 2006 04:07:38 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]


#  Thursday, 30 November 2006
Brian Harry has posted a blog entry on the road ahead for TFS, even beyond Orcas.
Thursday, 30 November 2006 19:08:04 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]


Having Virtual PC 2007 Beta, the virtual machine additions for Linux Beta plus a disc of Ubuntu 6.10 Linux sitting on my desk simply proved irresistible to me. Thus: create new virtual machine, slide in the DVD, and off we go.

That was the plan until I hit a snag: on switching from text mode to graphics mode, the screen garbled. Wait! I had seen this before: the emulated graphics card of Virtual PC advertises video modes it cannot actually display. And I sorted it out previously and blogged about it in mono::live. So I did the Ctrl+Alt+F3 dance and pasted the script - presto!

Now for the VM additions - of course used to the Windows way of things, I simply mounted the ISO image. Nicely opens up in the File Browser, where the f*ck is a Run As command here? OK, switch to terminal, su (I have to admit that took me a while including pestering a friend because I had already forgotten all the gory details). To spare you the details, after some twenty minutes of fiddling I decided to take a deep breath and actually read (gulp) the README that comes with the Linux additions.

Setup prerequisites step number two caught my attention:

A kernel module of the Additions is built at compile time. So, the virtual machine should have the Linux kernel source and build tools installed

No way. The mention of operating system & compile yourself makes me cringe. Thank you, but no thank you. I will live without the additions. There is no friggin way I am doing the dance, I am way too old, and sorry, this is 2006. I don't need that "power of Linux" if all administrative usability goes out the window (Note: I am a developer, and especially because I am one I totally balk at the idea of having to compile my applications / drivers before I can use them - that is ridiculous).

Oh, one minor roadblock was easy to solve - the networking stuff. System / Administration / Networking and then enable the Ethernet interface:

Now on to exploring.

Categories: L-Word Stuff | Virtual PC
Thursday, 30 November 2006 09:52:30 (W. Europe Standard Time, UTC+01:00)  #    Comments [1]


#  Wednesday, 29 November 2006

Because I simply cannot remember which feature is in which edition of Windows Vista, I searched the Web to come up with a couple of useful feature comparison matrixes to back up my memory:

Update And of course the Windows Vista Product Guide.

Categories: Vista
Wednesday, 29 November 2006 16:01:30 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]


I have been promoting this tool more than once on this blog, so this time just the download link for version 2.1.

Categories: Cool Download | Security
Wednesday, 29 November 2006 09:33:58 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]


#  Wednesday, 22 November 2006

I admit it: I am a regular reader of the event log. In doing so, I came across an error message last week that I rarely get to see - invalid Viewstate:

Now, that wouldn't be a problem, usually at least. However, in this special case I went WTF? when I looked at the description more closely, especially at the PersistedState information:

PersistedState: a
Content-Transfer-Encoding: 8bit
Content-Type: text/plain
X-Mailer: EMUmail 4.5
Subject: jam n
bcc: <list of addresse removed by me />
comes from the loin in the middle of the back of the pig. t is a lean meaty 
cut of bacon, with relatively less fat compared to other cuts. iddle bacon
is much like back bacon

Come again - spam in Viewstate? What would be the point of this? After some research together with Alex I came across this article: Interesting Crack Attempt to Relay Spam (a more detailed article is available too: Form Post Hijacking). How did I manage to not take notice of this attack vector any earlier I don't know, but I have to admit that the idea is pretty clever.

Counter-measures in general? Well, either don't allow users input in the headers at all, or vet the form fields for carriage return / line feeds. Note that I did not verify if any of the available mail components for .NET would be actually susceptible to this kind of attack.

Categories: ASP.NET | Security
Wednesday, 22 November 2006 09:47:35 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]


#  Tuesday, 21 November 2006

At next year's VSone in Munich (a German developer conference taking place in February), I will be doing three talks:

  • Visual Studio 2005 Team Edition for Database Professionals
  • User Account Control (UAC) in Your Applications
  • Advanced Code Access Security (CAS)

Two security topics, one team-development focused. See you in Munich!

Tuesday, 21 November 2006 16:21:21 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]


#  Monday, 20 November 2006

I already talked about the virtualization features of Windows Vista in a previous blog post entitled UAC Redirection 4 Fun & Profit. Today, I want to tackle the file redirection that happens when UAC virtualizes your application and you try to write to a location it monitors - like the Program Files directory:

This command prompt was started with Run as Administrator (the window title hints at that). I was UAC-prompted, and then could go about my business. Not so if I would be running it unelevated:

It tells me that I don't have access. Right, not a big surprise, but why didn't virtualization kick in for cmd.exe? Because it is off by default for the command line. How can I turn it on? Well, easy. Go to Windows Task Manager

Add the Virtualization column

After a bit drag & drop magic I made it the second column and I can see which application is virtualized or not. And sure enough, cmd.exe isn't. Right-clicking allows you to change that:

You will be warned that this will possibly affect the running application, but go ahead. And then try again to write to the Program Files location:

This time I can write to Program Files - wait a second, really? No, it of course went to the virtual store for this user account:

As you can see, it lives next to files from a heck a lot of applications that wanted to write to somewhere (like system32) where they didn't have access to - but virtualization (on by default for applications except those opting out explicitly) took care of the disk operations and redirected them to the virtual store. Note that a well-written application (ie one that doesn't require administrative rights) wouldn't show up here...

Categories: Security | Vista
Monday, 20 November 2006 08:03:43 (W. Europe Standard Time, UTC+01:00)  #    Comments [0]


© Copyright 2017 Christoph Wille

newtelligence dasBlog 2.3.9074.18820
Subscribe to this weblog's RSS feed with SharpReader, Radio Userland, NewsGator or any other aggregator listening on port 5335 by clicking this button.   RSS 2.0|Atom 1.0  Send mail to the author(s)

Don't contact us via this (fleischfalle@alphasierrapapa.com) email address.