April 2008 - Posts - Jon Galloway

April 2008 - Posts

My first MVP Summit

I really enjoyed my first MVP Summit as a rather freshly minted Microsoft ASP.NET MVP of all of six months. I struggle with writing about that kind of thing, since MVP posts often turn into "I heard some awesome new secrets, can't tell you, giggle giggle, bye!" taunts, but having been to one I don't think that's so much of a problem. I did hear some new things, but the real highlight was the face to face meetings with old and new friends.

Faces, meet names

  • I finally got to meet Barry Dorrans in person. We've been commenting on each other's blogs since 2004, and we've been in closer contact lately due to Barry's involvement in Subtext, CardSpace and SharpSTS. Barry may be the only a person who's both an expert in developer security (an MVP in it, to be precise) and able to blend in with normal humans.
  • Keith Elder is a force to be reckoned with. I believe he's the one who taught me the lesson about leaving my phone unattended, for which I thank him. I guess. Oh, and he's in the Witty posse.
  • Dustin Campbell is in the process of moving from DevExpress to Microsoft. And he's an F# enthusiast. And much bigger than I am. And, if I remember correctly, I've publicly insulted him recently. Agitate and observe.
  • Dave Donaldson (a.k.a. arcware) is trouble. But he should have called himself arcwelder instead of arcware. That'd be cooler.
  • Javier Lozano and I have "met" this past year via Twitter, and it was great to meet him in person. We talked for a while Tuesday night about a variety of things - my experiences working on Video.Show, Javier's very interesting thoughts about the way language impacts our approach to programming languages (including a Spanish-based .NET programming language he wrote called Azul), and on dynamic languages in general.
  • Laurent Bugnion is another person I've corresponded with via Twitter. He's very knowledgeable about WPF and Silverlight, and we talked for a long time at the ASP.NET MVP dinner.
  • I met and talked to a ton of other people, and I'm sure I'm leaving some off the list. Sorry about that. I'm not mentioning most of the folks I've met previously, (Rick Strahl, Joe Brinkman, etc.) because... oh, wait, I just did.

Lunch With LazyCoder

LazyCoder, a.k.a.  Scott Koon, has been running an awesome blog since about nineteen-ought-seven. He's especially skilled with JavaScript frameworks, but in my personal experience he seems to omniscient and Turing complete. I've been following him on Twitter lately, and we've both been contributing to the Witty Twitter client. I was looking forward to an opportunity to meet him to ensure that he wasn't just a SkyNet prototype. So, Steve Harman, Barry Dorrans, and I wandered off from the summit to meet him for beers lunch.

pictured: Jon, Scott "LazyCoder" Koon, Steve Harman

Extreme Geek Dinner at the Haack House

What happens when you get a bunch of terminally nerdy folks in a room together? They all stare at their laptops and ignore each other.

DSCF0017

pictured: the HaHa brothers, PhilHa and ScottHa, preparing for their MVC talk the following day.

And when I hit the space bar my robot does this

pictured: Jon, Steve Harman. Steve is dictating spec#, Jon does his best to keep up.

But, occasionally, a conversation breaks out:

Steven looks louche

pictured: Rob Conery, Jon, Steve

And, if you're lucky, pair programming is put to shame with tripartite programming:

Steve Harman, Phil Haack, and Barry Dorrans finding Steve's bug

pictured: Steve Harman tries to implicate Phil Haack  in an Subtext JavaScript impropriety, but Steve can't hide from SVN blame. Barry Dorrans witnesses the whole sordid affair.

ScottGu vs. KITT

Tuesday was great. I'm pretty sure I learned some interesting things about Silverlight, ASP.NET MVC, and .NET 4.0. But of course the highlight was a surprise ride in Scott Guthrie's brand new car! Arcwelder Dave tells it best:

This needs a little setup. At the end of the day Tuesday, Steve Harman, Jon Galloway, and myself were waiting around to go to building 42 with Rob Conery. Jon was on the phone with Rob, who said he was with Scott (Hanselman we assumed) and they'd pick us up. [...] So when Rob and Scott arrive, Rob calls Jon to say they are out front in a silver car. As we walk out we see Rob in a brand new Infiniti (high end model), at which point I'm thinking, "Damn, Hanselman has some balls to get that for his rental car". But who gets out of the driver side to open the trunk for our bags? Scott Guthrie, not Scott Hanselman. Rob sort of left out that little detail. Anyway, we rolled with it and enjoyed seeing ScottGu drop some f-bombs trying to figure out his new navigation system. Classic.

The Telligenti Presence

It sounds like scary Robert Ludlum novel. To tell the truth, and it kind of is mildly frightening. There are a lot of Telligent MVP's, and from the police reports it sounds like they did their best to destroy Seattle.

The ALT.NET Bad Boys

I got to say "hi" to the ALT.NET toughs, many of whom I'd met before at some point. These guys mostly scare me, and it has nothing to do with their programming methodologies. It's just that, when I talk to them, I get the feeling that I'm about to get shanked and tossed in a dumpster. But, I got to meet Ayende (Oren Eini) and Roy Osherove, and they both seemed nice enough.

Ayende and Roy Osherove

What's funny about this picture is that you can't tell that Ayende is twice as tall as Roy. That's not to slight Roy, Ayende was twice as tall as everyone else at the conference. I saw him pick up a city bus with his bare hands, shake it,  put it back down, and walk slowly away muttering about unrolling loops in Boo. Also, Roy does an awesome impression of Ayende. Who knows, he may be doing an awesome impression of me right now.

OdeToAwesome

It was fun hanging out with K. Scott Allen. We worked together on the wildly popular ASP.NET 2.0 Anthology, and while this was the second time I've met him in person (the first being a Silverlight class he was proctoring in January), this time was way cooler. I believe it was Scott - excuse me, K. Scott - who turned me on to PointUI, a free UI program for Windows Mobile which I'm really enjoying.

Building 18 Cribs tour by Adam Kinney

Adam Kinney gave me a tour of the building 18. Lots of places were familiar from Channel 9 and Channel 10 videos. Adam and I have kept in touch since we met at TechEd 2004, and it was nice to hang out in his office and marvel at the cool decorations. A man in a full sized Channel 9 costume came by and gave us ice cream cones. Apparently that kind of thing goes on all the time in Building 18.

Steve Ballmer is Not a Dumb Man

The short video clips and tiny quotes of Steve Ballmer I've seen over the years try paint him as oafish. That is not at all the case. I saw him interviewed at MIX 08 by Guy Kawasaki, and came away very impressed with Steve. The final MVP Summit event was a question and answer session with Steve, and it just drove the point home. Steve Ballmer is a very sharp guy, and an absolute pleasure to listen to. If you haven't watched the video from Steve's MIX 08 interview, please do.

Steve Ballmer at the MVP 2008 Summit

The Taphouse

The last day of the Summit, a bunch of Twitter folks got together at the Taphouse. That was a great way to finish off the trip.

IMG_0581

pictured: Lots of geeks, posing for a picture, thinking about Twittering

IMG_0583

pictured: Lots of geeks, Twittering

The Flight Home With Woody

Woody Pewitt, the local Microsoft Developer Evangelist, was probably really looking forward to a quiet, relaxing flight home after months on tour with The Code Trip. Alas, it was not to be. I sat next to him for the entire flight home, keeping him awake with conversations about our respective Naval careers, computer pranks, and how we got into computer programming. I didn't know Woody's experience with the programming community went back to Compuserve forums. Respect!

Encrypting Passwords in a .NET app.config File

I've been contributing to the Witty project lately. I'm a fan of Twitter, and it's nice to work on a popular WPF application with some hotshot coders including a WPF pro like Alan Le. Lately, I noticed that we were storing the user's password in plaintext application config file:

<setting name="Password" serializeAs="String"> 
    <value>OOPS-WE-STORED-THE-PASSWORD-IN-PLAINTEXT</value> 
</setting>

So, yeah, that's less than ideal. Foolishly, I volunteered to fix it. There's plenty of information on encrypting ASP.NET configuration settings in web.config files, but encrypting settings in a desktop application isn't as well documented. Here's what I came up with.

DPAPI, Papi!

The best way to encrypt configuration settings is with DPAPI, the Data Protection Application Programmer's Interface:

This Data Protection API (DPAPI) is a pair of function calls that provide OS-level data protection services to user and system processes. By OS-level, we mean a service that is provided by the operating system itself and does not require any additional libraries. By data protection, we mean a service that provides confidentiality of data through encryption. Since the data protection is part of the OS, every application can now secure data without needing any specific cryptographic code other than the necessary function calls to DPAPI.

That sounds pretty good. But is it secure? Let's ask old man Wikipedia:

The keys used for encrypting the user's keys are stored under "%USERPROFILE%\Application Data\Microsoft\Protect\{SID}", where {SID} is the security identifier of that user. The DPAPI key is stored in the same file as the master key that protects the users private keys. It usually is 40 bytes of random data. DPAPI doesn't store any persistent data for itself; instead, it simply receives plaintext and returns cryptext (or vice-versa).

DPAPI security relies upon the system's ability to protect the Master Key and RSA private keys from compromise, which in most attack scenarios is most highly reliant on the security of the end user's credentials. Particular data binary large objects can be encrypted in a way that salt is added and/or an external user-provided password (aka "Strong Key Protection") is required. The use of a salt is a per-implementation option - i.e. under the control of the application developer - not controllable by the end user or IT professional.

Yeah, I didn't read it either. I did check the footnotes and saw that nobody's bragging about yoinking data out of it, though. And it has to  be better than storing passwords in plaintext. So, awesome, let's go for it!

The Nuclear Option: Encrypt The Whole Thing

The easiest way to deal with the problem is to just encrypt the entire section. That's because the ConfigurationSection knows how to protect itself, like so:

protected override void OnStartup(StartupEventArgs e) 
{ 
    // Lots of other important stuff here... 
    EncryptConfigSection("userSettings/Witty.Properties.Settings"); 
    base.OnStartup(e); 
}

private void EncryptConfigSection(string sectionKey)
{
    Configuration config = ConfigurationManager.OpenExeConfiguration(ConfigurationUserLevel.None);
    ConfigurationSection section = config.GetSection(sectionKey);
    if (section != null)
    {
        if (!section.SectionInformation.IsProtected)
        {
            if (!section.ElementInformation.IsLocked)
            {
                section.SectionInformation.ProtectSection("DataProtectionConfigurationProvider");
                section.SectionInformation.ForceSave = true;
                config.Save(ConfigurationSaveMode.Full);
            }
        }
    }
}

 

Once we've done that, the entire settings section is encrypted and placed in a <CipherValue> block:

<userSettings>
 <Witty.Properties.Settings configProtectionProvider="DataProtectionConfigurationProvider">
  <EncryptedData>
    <CipherData>
      <CipherValue>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAABbLHX[...]</CipherValue>
    </CipherData>
  </EncryptedData>
 </Witty.Properties.Settings>
</userSettings>

That's great from a security standpoint, but by encrypting everything, we've unnecessarily restricted access to all the information in the configuration file.

<userSettings> 
<Witty.Properties.Settings> 
  <setting name="Username" serializeAs="String"> 
    <value>UserNameGoesHere</value> 
  </setting> 
  <setting name="Password" serializeAs="String"> 
    <value>OOPS-WE-STORED-THE-PASSWORD-IN-PLAINTEXT</value> 
  </setting> 
  <setting name="RefreshInterval" serializeAs="String"> 
    <value>5</value> 
  </setting> 
  <setting name="LastUpdated" serializeAs="String"> 
    <value /> 
  </setting> 
  <setting name="PlaySounds" serializeAs="String"> 
    <value>True</value> 
  </setting> 
  ... 
</Witty.Properties.Settings> 
</userSettings>

So, what would be better is to encrypt just the password. To do that, we'll need to look into SecureString and System.Security.Cryptography.ProtectedData.

What's With The SecureString?

Like just about everything to do with ASP.NET development, David Hayden told us everything we need to know about SecureString years ago. The short story is that a System.String hangs around in memory until the garbage collector picks it up, so even if we're encrypting passwords or other sensitive data in our configuration file, it's possible to snag them from memory if we're using a standard System.String. SecureString uses our old friend DPAPI to encrypt values, so they're safe from memory snooping.

It's not as great as it sounds, though, because few API's accept or return SecureStrings. While it's a good practice to use SecureStrings when we can, we'll have to convert to and from standard System.String values at some point. While we're looking at security, we might as well use SecureStrings when possible, but we should keep in mind the fact that it's totally futile. Well, not that bad, but there are times where the sensitive information is still stored as insecure strings in memory.

Encrypting Strings with ProtectedData

So here's the actual meat of this post - the code I used to encrypt passwords in Witty's configuration. We've got two main methods, EncryptString and DecryptString. They both call in to ToSecureString and ToUnsecureString (great name, huh?) whose purpose should be pretty self-explanatory.

static byte[] entropy = System.Text.Encoding.Unicode.GetBytes("Salt Is Not A Password");

public static string EncryptString(System.Security.SecureString input)
{
    byte[] encryptedData = System.Security.Cryptography.ProtectedData.Protect(
        System.Text.Encoding.Unicode.GetBytes(ToInsecureString(input)),
        entropy,
        System.Security.Cryptography.DataProtectionScope.CurrentUser);
    return Convert.ToBase64String(encryptedData);
}

public static SecureString DecryptString(string encryptedData)
{
    try
    {
        byte[] decryptedData = System.Security.Cryptography.ProtectedData.Unprotect(
            Convert.FromBase64String(encryptedData),
            entropy,
            System.Security.Cryptography.DataProtectionScope.CurrentUser);
        return ToSecureString(System.Text.Encoding.Unicode.GetString(decryptedData));
    }
    catch
    {
        return new SecureString();
    }
}

public static SecureString ToSecureString(string input)
{
    SecureString secure = new SecureString();
    foreach (char c in input)
    {
        secure.AppendChar(c);
    }
    secure.MakeReadOnly();
    return secure;
}

public static string ToInsecureString(SecureString input)
{
    string returnValue = string.Empty;
    IntPtr ptr = System.Runtime.InteropServices.Marshal.SecureStringToBSTR(input);
    try
    {
        returnValue = System.Runtime.InteropServices.Marshal.PtrToStringBSTR(ptr);
    }
    finally
    {
        System.Runtime.InteropServices.Marshal.ZeroFreeBSTR(ptr);
    }
    return returnValue;
}

Then we're pretty much set. When we want to encrypt passwords for storage, we'll make a call like this:

AppSettings.Password = EncryptString(ToSecureString(PasswordTextBox.Password));

And we can get the password back out with this kind of thing:

SecureString password = DecryptString(AppSettings.Password)

The payoff is that our configuration looks like this:

<Witty.Properties.Settings>
    <setting name="Username" serializeAs="String">
        <value>jongalloway</value>
    </setting>
    <setting name="Password" serializeAs="String">
        <value>AQAAANCMnd8BFdERjHoAwE/Cl+sBAAAAV[lots more stuff that's not my password]</value>
    </setting>
    <setting name="RefreshInterval" serializeAs="String">
        <value>5</value>
    </setting>
    <setting name="LastUpdated" serializeAs="String">
        <value>4/11/2008 12:10:33 AM</value>
    </setting>
</Witty.Properties.Settings>
For further study:
http://msdn2.microsoft.com/en-us/library/system.configuration.dpapiprotectedconfigurationprovider.aspx
http://www.codeproject.com/KB/security/ProtectedConfigWinApps.aspx
http://www.builderau.com.au/program/dotnet/soa/Encrypting-NET-configuration-files-through-code/0,339028399,339281837,00.htm

February / March 2008 Recap

Summarizing Two Months For The Price Of One!

At the end of January, I published a monthly recap and threatened to do it at the end of every month. I've generally avoided link blogging in favor of trying to write original content, but I think there's some value in compiling the major events I think developers - especially ASP.NET developers - would want to know about. I put some effort into selecting what I thought are the top stories, with a mind towards summarizing what's going on rather than just inundating you a bunch of links you won't have time to read. I included either excerpts, commentary, or both, so you can hopefully just skim the list if you like.

But wait - the last one came out at the end of January, why is this one coming out a week into April? Well, I was really busy in the last few weeks before MIX 08. I worked on a team which provided some content for the keynote, and ended up putting in some crazy hours to wrap everything up. After MIX was over, I figured I'd just wait until the end of the month so it wouldn't just be a MIX 08 recap post. But then, I had such a huge amount of information to sort through that I didn't get it done in the first week of the month. So, yes, this post is obnoxiously long. This kind of post really needs to be done monthly, lesson learned.

Got any feedback on the style, format, or content? Did I miss any big stories?

MIX 08 / Silverlight / New Toys for Microsoft Developers

Web 2.0 SP1 / Cloud Services / Ad Supported Free Gizmos

  • Google App Engine - Google Code

    Google App Engine - Google Code
    Run your web applications on Google's infrastructure. Google App Engine enables you to build web applications on the same scalable systems that power Google applications. This is a PREVIEW RELEASE of Google App Engine. For now, account registrations are limited to the first 10,000 developers, and applications are restricted to the free account limits.
    • 1_32 jongalloway
    • Apr 08, 2008 at 07:09 PM
    • Apr 08, 2008 at 07:09 PM
  • Why Google App Engine Will Be a Success : Scott Watermasysk

    Why Google App Engine Will Be a Success : Scott Watermasysk
    The cost of hosting is declining everyday, but what Google is now saying, if you build it on our stuff, we will completely host it for free until you hit about 5 million page views.
    • 1_32 jongalloway
    • Apr 09, 2008 at 11:40 PM
    • Apr 09, 2008 at 11:40 PM
  • SQL Server Data Services

    SQL Server Data Services
    SQL Server Data Services (SSDS) are highly scalable, on-demand data storage and query processing web services. Businesses use storage resources as needed transforming large upfront capital and operations expenditures into much smaller on-demand costs. "We are taking registrations for the first service beta release scheduled in March 2008. Please register at http://www.microsoft.com/sql/dataservices."
    • 1_32 jongalloway
    • Apr 09, 2008 at 11:44 PM
    • Apr 09, 2008 at 11:44 PM
  • Flickr Video Launches

    Flickr Video Launches
    Flickr users can now add video clips alongside their photos, a much requested and much anticipated feature that has been promised for over a year. The goal is not to have people upload long videos or clips of copyrighted material. To reinforce that, videos can be only 90 seconds in length and 150MB in size
    • 1_32 jongalloway
    • Apr 09, 2008 at 01:17 AM
    • Apr 09, 2008 at 01:17 AM

New Web Browsers (IE8, FF3)

  • Firefox 3 Beta: Make Your Extensions Work with the Firefox 3 Beta

    Firefox 3 Beta: Make Your Extensions Work with the Firefox 3 Beta
    * Type about:config into Firefox's address bar and click the "I'll be careful, I promise!" button. * Right-click anywhere. Choose New>Boolean. Make the name of your new config value extensions.checkCompatibility and set it to false. * Make another new boolean pair called extensions.checkUpdateSecurity and set the value to false. * Restart Firefox.
    • 1_32 jongalloway
    • Mar 25, 2008 at 12:34 PM
    • Mar 25, 2008 at 12:34 PM
  • Open bug in Firefox 3 Beta 5 - Closing tabs with Silverlight 2 objects crashes browser

    Open bug in Firefox 3 Beta 5 - Closing tabs with Silverlight 2 objects crashes browser
    Bug 421217 – NPRuntime object reference counting is violated by NPObjWrapperPluginDestroyedCallback causing Silverlight 2.0 beta: crashes when closing tab/window [@ JS_SetPrivate - NPObjWrapperPluginDestroyedCallback] Lots of arguing; looks like fixes are required on both sides to me.
    • 1_32 jongalloway
    • Apr 09, 2008 at 11:20 PM
    • Apr 09, 2008 at 11:20 PM
  • Firefox 3 for developers

    Firefox 3 for developers
    If you're a developer trying to get a handle on all the new features in Firefox 3, this is the perfect place to start. This article provides a list of the new articles covering features added to Firefox 3. While it doesn't necessarily cover every little change, it will help you learn about the major improvements.
    • 1_32 jongalloway
    • Apr 08, 2008 at 11:38 PM
    • Apr 08, 2008 at 11:38 PM
  • Joel Spolsky on the IE8 web standards decision

    Joel Spoelsky on the IE8 web standards decision
    "Almost every web site I visited with IE8 is broken in some way. Websites that use a lot of JavaScript are generally completely dead. [...] IE 8 can’t display most web pages correctly until you give up and press the “ACT LIKE IE7? button. The idealists don’t care: they want those pages changed. Some of those pages can’t be changed. They might be burned onto CD-ROMs. Some of them were created by people who are now dead. Most of them created by people who have no frigging idea what’s going on and why their web page, which they paid a designer to create 4 years ago, is now not working properly." I'm breaking with tradition and agreeing with Joel Spolsky. The IE team had it right the first time, but their horribly broken development/release cycle prompted the web dev community to campaign for the wrong thing.
    • 1_32 jongalloway
    • Apr 09, 2008 at 11:30 PM
    • Apr 09, 2008 at 11:30 PM
  • Internet Explorer 8 Beta: The Features

    Internet Explorer 8 Beta: The Features
    New features in Internet Explorer 8 Beta are made specifically for developers including the developer toolbar, improvement in AJAX performance, and improved interoperability with Quirks and Standards mode. Also, some info on Webslices and Activities.
    • 1_32 jongalloway
    • Apr 09, 2008 at 10:57 PM
    • Apr 09, 2008 at 10:57 PM
  • Acid2: The Guided Tour

    Acid2: The Guided Tour
    IE8 passes the Acid2 test. What does that mean for developers? Acid2 assumes basic support for HTML4, CSS1, PNG, and Data URLs. The first three items on the list are included for obvious reasons: they form the backbone of web content standards. Data URLs are described in HTML4 but is less used due to lack of support. We believe data URLs are convenient and useful for web designers, and easy to add in browsers.
    • 1_32 jongalloway
    • Apr 08, 2008 at 11:36 PM
    • Apr 08, 2008 at 11:36 PM

General Microsoft News

  • Scott Guthrie promoted to Corporate Vice President, .NET Developer Platform

    Scott Guthrie promoted to Corporate Vice President, .NET Developer Platform
    REDMOND, Wash. — Feb. 14, 2008 —Microsoft Corp. today announced a series of executive promotions — seven new senior vice presidents and seven new corporate vice presidents... Scott Guthrie, corporate vice president, .NET Developer Platform. Previously general manager, Guthrie will continue to oversee several development teams responsible for delivering Microsoft Visual Studio developer tools and Microsoft .NET Framework technologies for building client and Web applications.
    • 1_32 jongalloway
    • Apr 09, 2008 at 02:21 AM
    • Apr 09, 2008 at 02:21 AM
  • Microsoft Interoperability Announcements

    Microsoft Interoperability Announcements
    "As an immediate next step, starting today Microsoft will openly publish on MSDN over 30,000 pages of documentation for Windows client and server protocols that were previously available only under a trade secret license through the Microsoft Work Group Server Protocol Program (WSPP) and the Microsoft Communication Protocol Program (MCPP). Protocol documentation for additional products, such as Office 2007 and all of the other high-volume products covered by these principles, will be published in the upcoming months. Microsoft will indicate on its Web site which protocols are covered by Microsoft patents and will license all of these patents on reasonable and non-discriminatory terms, at low royalty rates. Microsoft is providing a covenant not to sue open source developers for development or non-commercial distribution of implementations of these protocols." Probably groveling for OOXML support, but it's good stuff.
    • 1_32 jongalloway
    • Apr 09, 2008 at 02:11 AM
    • Apr 09, 2008 at 02:11 AM
  • Windows XP cut-off set for June 30

    Windows XP cut-off set for June 30
    Microsoft officials said the current June 30, 2008 cut-off date for Windows XP would remain in place for the vast majority of machines.
    • 1_32 jongalloway
    • Apr 08, 2008 at 10:09 PM
    • Apr 08, 2008 at 10:09 PM
  • OOXML: The Wins - Miguel de Icaza

    OOXML: The Wins - Miguel de Icaza
    Regardless of where you stand on the outcome of OOXML becoming an ISO standard, it is worth pointing out that the opposition to OOXML pushed Microsoft into more open directions.
    • 1_32 jongalloway
    • Apr 08, 2008 at 10:09 PM
    • Apr 08, 2008 at 10:09 PM
  • Windows Vista Service Pack 1

    Windows Vista Service Pack 1
    Published: March 18, 2008 - Windows Vista Service Pack 1 is an update to Windows Vista that addresses feedback from our customers. In addition to previously released updates, SP1 contains changes focused on addressing specific reliability and performance issues, supporting new types of hardware, and adding support for several emerging standards. Windows Vista SP1 also addresses some management, deployment, and support challenges.
    • 1_32 jongalloway
    • Apr 08, 2008 at 10:07 PM
    • Apr 08, 2008 at 10:07 PM
  • Singularity RDK - Release: Singularity RDK 1.1

    Singularity RDK - Release: Singularity RDK 1.1
    This is the initial public release of the Singularity Research Development Kit (RDK) based on the Microsoft Research Singularity project.
    • 1_32 jongalloway
    • Apr 08, 2008 at 08:22 PM
    • Apr 08, 2008 at 08:22 PM
  • Microsoft announces XNA for Zune

    Microsoft announces XNA for Zune
    I'm really surprised it's taken so long, but it's good to see that Microsoft has plans to put the Zune hardware to use. I wrote about this a while ago.
    • 1_32 jongalloway
    • Mar 25, 2008 at 12:32 PM
    • Mar 25, 2008 at 12:32 PM
  • Windows Server 2008 is called SP1

    Windows Server 2008 is called SP1
    This means the that the Service Packs are shared, that patches get released at the same time, etc etc. I believe it is incredibly simplified for customers. The other thing is the servicing stack is now smart enough to not download stuff you don't need. This means if you have a Vista system & the service pack has fixes to Active directory, the Vista system does not get the directory update downloaded to them. Vice versa - if there was ever the need for a fix to media player (shock horror, who ever heard of the need to fix security issues there), you don't get it on server unless you install the Desktop Experience pack. So, it's called SP1 - in retrospect i should just say its called that so you don't have to wait for SP1 for it to be right like people have before. The first Service Pack for WS08 will be called SP2.
    • 1_32 jongalloway
    • Feb 22, 2008 at 12:22 AM
    • Feb 22, 2008 at 12:22 AM

Windows Mobile getting Flashlight, iPhone Not

  • Microsoft licenses Adobe’s FlashLite for Win Mobile phones

    Microsoft licenses Adobe’s FlashLite for Win Mobile phones
    On March 17, Adobe announced that Microsoft had licensed Adobe’s FlashLite technology, enabling Windows Mobile phones to run Flash. Microsoft quietly noted last week that it would release Version 1.0 of its own Flash-competitive technology, Silverlight, running on Windows Mobile 6 phones in the second quarter of 2008.
    • 1_32 jongalloway
    • Apr 08, 2008 at 10:06 PM
    • Apr 08, 2008 at 10:06 PM
  • Microsoft Adopts Flash Lite For Windows Mobile As a Stopgap Measure

    Microsoft Adopts Flash Lite For Windows Mobile As a Stopgap Measure
    Flash Lite for mobile phones might not be good enough for Steve Jobs, but Microsoft is less picky. It is licensing Flash Lite for Windows Mobile. This is an acknowledgment of two things: there are a lot of developers and existing Websites out there that work with Flash, and the mobile version of Microsoft’s own competing Silverlight software is nowhere near ready to be deployed.
    • 1_32 jongalloway
    • Apr 08, 2008 at 11:38 PM
    • Apr 08, 2008 at 11:38 PM
  • Apple stabs Adobe in the back (no Flashlight on iPhone) - Robert Scoble

    Apple stabs Adobe in the back (no Flashlight on iPhone) - Robert Scoble
    On a week when Microsoft landed a big deal to put Silverlight on Nokia phones, Apple’s CEO, Steve Jobs, tells Adobe that there won’t be Flash on the iPhone. This is a real bummer for Adobe and many users and developers, because most of the world’s casual games are written for Flash. Just go over to game site Kongregate. Or, look at the world’s video like that on YouTube (or any other video site like the Qik one that I use on my cell phone). Almost all of it is done in Flash. Now developers at those sites will need to find some other method to get those games and videos onto the iPhone.
    • 1_32 jongalloway
    • Apr 10, 2008 at 12:33 AM
    • Apr 10, 2008 at 12:33 AM

Software Updates / Releases

  • Featured Download: Updated FolderShare Offers Vista Support, Better Interface

    Featured Download: Updated FolderShare Offers Vista Support, Better Interface
    Windows and Mac OS X: Free data-syncing utility FolderShare has released an updated Windows client with better Windows Vista support and performance, as well as a redesign of the web site where you can easily share and grab files from another computer, whether it's Mac or PC. As with the first time we mentioned it, FolderShare only limits individual file sizes (up to 2 GB) and the number of files per shared library (10,000)—other than that, it's whatever you want to share. I was sure these guys were dead. Nice to see something from them, even though there's no change to the 10K file limit.
    • 1_32 jongalloway
    • Apr 09, 2008 at 11:03 PM
    • Apr 09, 2008 at 11:03 PM
  • Telligent released Graffiti CMS

    Telligent released Graffiti CMS
    Graffiti is a new product from Telligent that makes publishing simple and easy. Graffiti marries powerful content management capabilities with modern publishing tools found in social media applications (like blogs). Whether it's your personal blog, your family Web site, or a presence for your small business, Graffiti is the best solution for simple content management. Free Express Edition, Full editions range from $399 to $7500. Runs on Mono, which is pretty neat.
    • 1_32 jongalloway
    • Apr 09, 2008 at 01:59 AM
    • Apr 09, 2008 at 01:59 AM
  • ReSharper 4.0 Nightly Builds - JetBrains.net

    ReSharper 4.0 Nightly Builds - JetBrains.net
    Fans of ReSharper (a popular refactoring and code editing add-in for Visual Studio .NET) will be interested in the progress of ReSharper 4.0, which adds support for Visual Studio 2008.
    • 1_32 jongalloway
    • Feb 22, 2008 at 12:21 AM
    • Feb 22, 2008 at 12:21 AM
  • Inkscape 0.46 released, includes XAML support

    Inkscape 0.46 released, includes XAML support
    In addition to a bunch of other cool features, Inkscape 0.46 can import vector graphics portions of XAML documents, as well as export its documents to XAML.
    • 1_32 jongalloway
    • Apr 09, 2008 at 11:37 PM
    • Apr 09, 2008 at 11:37 PM

Digital Identity (OpenId, Information Card, etc.)

I continue to be amazed how little interest has been shown in digital identiy solutions. It seems like this is finally starting to pick up.

Posted by Jon Galloway | 55 comment(s)
Filed under:

Visual Studio 2008 (Beta 2) Install - Easter Egg?

Exactly one week ago, I was testing something that required me to install the old Visual Studio 2008 (Beta 2) on a virtual machine. I got part way through the install when a bizarre set of circumstances led to my accidentally sitting on the keyboard. A bunch of buttons got pressed in some random order, and all of a sudden the screen switched to this:

Visual Studio 2008 - Easter Egg

After a few seconds, it went back to the normal install screens with Mr. Tiny Face.

Visual Studio 2008 - Mr. Tiny Face

I was able to grab a screenshot of the first screen with TimeSnapper, but for the life of me I can't figure out what the keystroke combination was that made it show. I've tried sitting on my keyboard, bashing random keys, and even looking at the executable resources. After a week of trying, I'm giving up - I just can't get it to show up again. Maybe it was keyed to the date, somehow?

I'm glad I've at least got that screenshot, or no one would believe this. You believe me, don't you?

Posted by Jon Galloway | 18 comment(s)
Filed under: , ,
More Posts