Archives / 2004 / May
  • Stealin Secrets from Your Favorite Bloggers

    I ran into this postential security riskwhile doing a security audit of Empower, our content mangement server that will be available for purchase in just a few short weeks, and it turns out to be a common hole that many tools and apps do not protect you from. Most modern web based blogging tools and a host of web site tools include the ability to view referrer information for a given item. The problem is that these tools assume that the incoming urls are valid, so they simply echo them to the screen. Unfortunately, this means that evil users can insert all sorts of nasty scripts into the referrer string and hijack your browser, stealing all sorts of information like domain specific cookies (ie. login info). If you want to see if you are vulnerable, you should go download the referrer spoofing tool over at (and while you're at it, send Rory a nice google wierdos message :-) ). Enter something like<script>alert('you have been hacked');</script> and see if you get a dialog box when you look at your referrer logs.

  • Cool Job Opening

    A company that I have done quite a bit of work for is looking to hire a talented, full-time ASP.NET / C# senior dev. They are looking for a sharp person with a background in building e-commerce, content management, and/or portal solutions. If you are getting tired of doing the same old thing every day and are looking for a challenging position where you can really make a difference and have an impact in the industry, I highly recommend sending your resume and a cover letter over to so that you can see what they have to offer. Articulate is a great, smart company that is quickly moving up the ladder and becoming a dominant force in their industry.I have nothing but positive things to say about the company, so once again, I highly recommend checking this out.

    Oh... and by the way, in addition to being a great job with great people, this position is also 99% work from home, which means that other than some meetings which you'll have to fly somewhere like NY to attend, you can do all your work from the comfort of a nice sunny beach :-)

  • ObjectSpaces Should Be Released Like WSE

    So, if we aren't going to get ObjectSpaces merely because some shmackheads at Microsoft think developers can't deal with changes in their object models when Longhorn comes around, they should release a version of ObjectSpaces along with Whidbey the same way they released WSE. This will satisfy the needs of developers who Microsoft promised this stuff in the Whidbey timeframe, as well as allow the community to give feedback on how the current approach works in the real world. At the same time, Microsoft will not be obligated to keep the APIs consistent when Longhorn is released, because the stuff was never advertised as the final deal. Then again, maybe the advertised reason for the delay is wrong. Maybe the reason ObjectSpaces is being delayed is because those shmackheads just couldn't get the thing working after 4 years... if that is the case, we are all in trouble.

  • Linux Just Another OpenSource Photo-Copy Job?

    “According to the study, it's safe to argue that Tanenbaum, who had years of OS experience and who had seen the Unix source code, could create Minix in three years. "However, it is highly questionable that Linus, still just a student, with virtually no operating systems development experience, could do the same, especially in one-sixth of the time," says the study, which was written by Ken Brown, president of the Alexis de Tocqueville Institution.“ [1]

  • Mono Already Dead?

    Seth Nickell thinks Mono is to encumbered by Microsoft and too full of risks to be a viable option. Paulo and Miguel  have already sufficiently discussed this topic, and nothing Seth has to say leads me to believe otherwise. The simple fact is that the Open Source community NEEDs a managed execution environment upon which they can standardize and a set of base class libraries to go with it, or they absolutely will not be able to compete in the coming years. The only other reasonable choice is Java, and it faces much more of these kinds of issues that Seth raises. Of course, the most patent-free route would be for the Open Source community to innovate and create some of their own stuff instead of photo-copying other people's ideas... but when is the last time that happened?

  • Ventuz Acquired By Microsoft?

    A while back, there was a lot of noise around a presentation tool from this company “Ventuz“ that was being used for a lot of MS conferences to make super slick 3d-ized PowerPoint presentations. Shortly thereafter, the company disappeared off the map. In fact, now, the “we will be updating our site soon“ message that used to be found at their domain has been replaced with a nice, IE “this page cannot be found“ message. So, will this slick C#/Managed DirectX app be one of the first super slick Longhorn Office upgrades? We'll see, but it wouldn't suprise me in the least.