June 2009 - Posts
When you visit Norway, it takes a week to recover. Ok, at least when I visit Norway, it takes a week. But that’s just a testament to the good time I had. As they say, what happens in Vegas stays in Vegas, but what happens in Oslo gets recorded as a .NET Rocks Live episode . The week before last, I spent the week in Oslo, Norway attending and speaking at the Norwegian Developer’s Conference (NDC 09). This conference was not your typical Microsoft conference I usually attend but was a conference on .NET with a heavy Agile Software bent. Just looking at the speaker line-up will tell you that. Scott Bellware tweeted a blurb recently that succinctly summarized my impression of the conference: how to know you're at a good conference: the speakers...
In my last post, I wrote about the hijacking of JSON arrays . Near the end of the post, I mentioned a comment whereby someone suggests that what really should happen is that browsers should be more strict about honoring content types and not execute code with the content type of application/json . I totally agree! But then again, browsers haven’t had a good track record with being strict with such standards and it’s probably too much to expect browsers to suddenly start tightening ship, not to mention potentially breaking the web in the process. Another potential solution that came to mind was this: Can we simply change JSON? Is it too late to do that or has that boat left the harbor? Let me run an idea by you. What if everyone got together...
I really advocate folks reading as much source as they can because you become a better writer by reading as much as writing. That's the whole point of the Weekly Source Code - reading code to be a better developer. Reading code in Open Source projects is a good way to learn, especially if the project has been around a while and been successful, or if you already respect the team of people working on it. Less reliably, you can find snippets of code by searching and sharing code. David Ebbo is scary clever . You know someone is smart when they come up with something you don't think you yourself could come up with on your own, but you still kick yourself for not thinking of it in the first place. David's been experimenting with ways...
A while back I wrote about a subtle JSON vulnerability which could result in the disclosure of sensitive information. That particular exploit involved overriding the JavaScript Array constructor to disclose the payload of a JSON array, something which most browsers do not support now. However, there’s another related exploit that seems to affect many more browsers. It was brought to my attention recently by someone at Microsoft and Scott Hanselman and I demonstrated it at the Norwegian Developers Conference last week, though it has been demonstrated against Twitter in the past . Before I go further, let me give you the punch line first in terms of what this vulnerability affects. This vulnerability requires that you are exposing a JSON service...
Hey, I am shifting teams at Microsoft! A little more than a year ago, I started working at Microsoft on the www.ASP.net community team creating ASP.NET MVC content. Over the past year, I’ve been doing things like speaking at a lot of conferences (PDC, Tech-Ed Emea, Tech-Ed India, MIX, ASP.NET Connections), writing a lot of tutorials and recording a lot of videos, and finishing a book. It has been an intense experience. Next week, I am officially joining the ASP.NET team as a feature PM with a focus on ASP.NET AJAX. I’m going to be working on the Microsoft AJAX Framework and the AJAX Control Toolkit. I get to write specs! I’m really excited about Ajax. Anyone who has read my latest ASP.NET Unleashed book or who has heard me speak at any conference...
A little while ago I announced our plans for ASP.NET MVC as it relates to Visual Studio 2010. ASP.NET MVC wasn’t included as part of Beta 1, which raised a few concerns by some (if not conspiracy theories!) ;). The reason for this was simple as I pointed out: One thing you’ll notice is that ASP.NET MVC is not included in Beta 1. The reason for this is that Beta 1 started locking down before MVC 1.0 shipped. ASP.NET MVC will be included as part of the package in VS10 Beta 2. … We’re working hard to have an out-of-band installer which will install the project templates and tooling for ASP.NET MVC which works with VS2010 Beta 1 sometime in June on CodePlex. Sorry for the inconvenience. I’ll blog about it once it is ready. Today I’m happy to announce...
Here is the latest in my link-listing series . Also check out my ASP.NET Tips, Tricks and Tutorials page and Silverlight Tutorials page for links to popular articles I've done myself in the past. You can also now follow me on twitter ( @scottgu ) where I also post links and small posts. ASP.NET Implementing Incremental Navigation with ASP.NET : A nice article from Andrew Wrigley that describes how to use ASP.NET’s Site Navigation system to create a navigation user interface. Syndicating and Consuming RSS Feeds in ASP.NET : A nice article from Scott Mitchell that describes how to work with RSS using ASP.NET 3.5. Using Expression Builders in ASP.NET : Scott Mitchell has another good article that describes a little-known extensibility...
One of the features contained in the MVC Futures project is the ability to generate action links in a strongly typed fashion using expressions. For example: <% = Html.ActionLink<HomeController>(c => c.Index()) %> Will generate a link to to the Index action of the HomeController . It’s a pretty slick approach, but it is not without its drawbacks. First, the syntax not one you’d want to take as your prom date. I guess you can get used to it, but a lot of people who see it for the first time kind of recoil at it. The other problem with this approach is performance as seen in this slide deck I learned about from Brad Wilson . One of the pain points the authors of the deck found was that the compilation of the expressions was very...
More Posts